You are the IT administrator in a company with a Microsoft 365 E5 subscription.
You are responsible for security in your organization and have deployed Microsoft Cloud App Security.
Your company is concerned with the presence of shadow IT, and you have been tasked with overseeing the discovery of shadow IT.
Select three valid data sources that can be used for discovering Shadow IT:
Click on the arrows to vote for the correct answer
A. B. C. D. E. F.Correct Answers: C, D and E
You can install a log collector for continuous monitoring, A log collector provides insight to Microsoft Cloud App Security.
You can also integrate a Secure Web Gateway with Microsoft Cloud App Security.
This will replace the need to install log collectors on your network endpoints.
You can also integrate Microsoft Cloud App Security with Defender ATP.
This will provide you with tools to discover cloud apps accessed from managed Windows 10 machines.
Option A is incorrect.
This is where you see subscription level events in your tenant.
Option B is incorrect.
Azure Sentinel is a cloud-native security solution.
Option F is incorrect.
Application Insights is an application performance management which lets you monitor your live applications.
To know more about discovering shadow IT, please refer to the link below:
Shadow IT refers to the use of IT systems or applications without the knowledge or approval of the organization's IT department. Shadow IT can pose significant security risks to an organization, as these unauthorized applications may not adhere to the organization's security policies and standards. To discover shadow IT, several data sources can be used, as follows:
A. Azure Activity Log: The Azure Activity Log is a log of all operations that have been performed in an Azure subscription. It can be used to monitor and analyze the activities of users and applications in the subscription. By analyzing the Azure Activity Log, you can detect the use of unauthorized applications or services that may be used for shadow IT.
B. Azure Sentinel: Azure Sentinel is a cloud-native security information and event management (SIEM) system that provides intelligent security analytics and threat intelligence across the enterprise. It can be used to collect, analyze, and correlate data from multiple sources, including the Azure Activity Log, to detect and respond to security threats and incidents, including shadow IT.
C. Log Collector: Log Collector is a tool that collects logs from various sources and consolidates them into a central location for analysis. It can be used to collect logs from various systems and applications, including those used for shadow IT, to detect and analyze unauthorized use of these applications.
D. Defender ATP: Defender ATP is a unified endpoint security platform that provides advanced threat protection for devices running Windows 10. It can be used to detect and respond to various security threats, including those related to shadow IT. For example, it can detect the use of unauthorized applications on devices and alert the IT department.
E. Secure Web Gateway: A Secure Web Gateway is a network security solution that monitors and controls access to web applications and services. It can be used to detect the use of unauthorized web applications or services that may be used for shadow IT. By monitoring web traffic, a Secure Web Gateway can identify unauthorized applications and services that may be accessed by users.
F. Application Insight: Application Insight is a tool for monitoring and analyzing the performance and usage of applications. It can be used to detect the use of unauthorized applications that may be used for shadow IT. By analyzing the usage patterns of applications, Application Insight can identify unauthorized applications that are being used by users.
In summary, the valid data sources that can be used for discovering shadow IT include Azure Activity Log, Azure Sentinel, Log Collector, Defender ATP, Secure Web Gateway, and Application Insight. By analyzing data from these sources, the IT department can detect the use of unauthorized applications and services that may pose security risks to the organization.