Microsoft Defender for Cloud Apps Now Tracks Unauthorized SaaS Apps on macOS


Key Takeaways:

  • Microsoft has announced that the Shadow IT discovery capabilities in Defender for Cloud Apps now support macOS.
  • The new integration with Defender for Endpoint makes it easier to detect and remediate risky behaviors on SaaS apps on macOS.
  • The update includes support for Podman and Syslog-tls receiver types, allowing for comprehensive log collection and insight into Shadow IT on various platforms, including AKS and Linux containers.

Microsoft has released an update for its Defender for Cloud Apps, extending its Shadow IT discovery capabilities to macOS devices. This enhancement enables organizations to monitor and manage unauthorized SaaS applications on Mac machines.

What is Shadow IT?

Shadow IT refers to the use of technology systems, software, applications, services, and devices without the IT department’s approval or knowledge. These unapproved tools could introduce major security vulnerabilities and often lead to data breaches and other cybersecurity issues. Shadow IT also makes it harder for administrators to keep track of where data is stored and how it’s being used within the organization.

Key features and benefits

Microsoft Defender for Cloud Apps offers various features to help customers discover SaaS apps and assess risks in order to enhance overall security. Previously, IT admins could only use network logs to discover SaaS apps on Windows devices.

With the new Defender for Endpoint integration, Microsoft Defender for Cloud Apps now supports the discovery of Shadow IT SaaS apps on macOS devices. This makes it easier to detect and remediate risky or unusual behaviors on SaaS apps on Mac devices. Additionally, Microsoft has improved the log collector for customers who don’t use the native Defender for Endpoint integration with Defender for Cloud Apps.

“Specifically, we have added two new capabilities to the Defender for Cloud Apps log collector, enabling it to operate on popular container runtimes such as Podman and AKS. With these capabilities, customers can leverage the log collector to thoroughly discover shadow IT apps on other popular distros like RedHat and AKS,” Microsoft explained.

The navigation path in the Microsoft Defender portal (Image Credits: Microsoft)

How to discover SaaS apps on macOS?

Microsoft notes that administrators will need to follow these steps to discover shadow IT on macOS:

  • In the Microsoft Defender portal, click the Cloud discovery tab to view a list of Defender-managed endpoints.
  • The stream offers a comprehensive view of all discovered apps, users, resources, IP addresses, as well as Windows and macOS devices.

Microsoft Defender for Cloud Apps log collector adds support for Podman

Microsoft has also added support for Podman to the Defender for Cloud Apps log collector. Podman, a daemonless container engine, is used for running and managing Open Container Initiative (OCI) containers on Linux machines. This new feature ensures that the Defender for Cloud Apps log collector works seamlessly with Podman’s runtime.

Lastly, the log collector feature in Azure Kubernetes Service (AKS) enhances Defender for Cloud Apps by collecting logs from network devices without native integration. This release also introduces support for Syslog-tls receiver types, allowing IT admins to gain insights into Shadow IT on AKS workloads.