Skip to main content
Versa Networks

Integrate with Microsoft Defender for Cloud Apps

  1. Last updated
  2. Save as PDF

Microsoft Defender for Cloud Apps is a Cloud Access Security Broker (CASB) that operates on multiple clouds. It provides visibility, control over data travel, and sophisticated analytics to identify and combat cyber threats across cloud services. Versa integrates Microsoft Defender for Cloud Apps to discover and control the use of shadow IT in an enterprise.

This article describes how to add Versa SASE, a secure web gateway (SWG), as a data source to stream the weblogs from Versa SSE cloud to Microsoft Defender for Cloud Apps for discovery of cloud applications and how to set up Versa Concerto for API integration with Microsoft Defender for Cloud Apps to control the use of shadow IT.

Versa SWG integrates full-stack security, identity management, cloud application security and SSL encryption and decryption, Versa Secure Access (VSA), and SD-WAN into a simple service that runs in the cloud, on-premises, or a mix of the two. For more information, see Versa SASE Solution.

The Versa ConcertoTM orchestrator provides an easy-to-use user interface to configure and monitor Versa Operating SystemTM (VOSTM) devices in Secure SD-WAN and Secure Access Service Edge (SASE) deployments. The Concerto orchestrator microservices architecture allows it to scale to manage tens of thousands of VOS devices. The Concerto orchestrator uses the services of Versa Director, Versa Controller, and Versa Analytics (collectively called the DCA complex) to manage VOS devices. For more information, see Versa Concerto Overview.

Before You Begin

Before you begin, ensure that you have the following:

  • Administrator login credentials to Concerto
  • Administrator login credentials to Microsoft Defender for Cloud Apps
  • Active subscription to Microsoft Defender for Cloud Apps

Configure Microsoft Defender for Cloud Apps for Integration

To integrate Microsoft Defender for Cloud Apps with Concerto, you do the following:

  • Generate an API token.
  • Add an SWG as a data source.
  • Configure a log collector.
  • Enter an API token in Concerto .

You can access Microsoft Defender for Cloud Apps Dashboard using this link: https://portal.cloudappsecurity.com/

You can also access Microsoft Defender for Cloud Apps from Microsoft 365 Admin Center, under Security > More Resources > Cloud App Security.

Generate API Token

You must generate an API token from the Microsoft Defender for Cloud Apps portal and then use this token to integrate it with Concerto.

To generate an API token on Microsoft Defender for Cloud Apps:

  1. Log in to the Microsoft Defender for Cloud Apps portal.

    settings-menu.png
  2. In the Home window, select Settings in the left menu bar. The Settings window displays.

    defender-settings.png
  3. Select Cloud Apps.

    api-token-add-token-option.png
  4. Select System > API tokens in the left menu bar and click + Add Token. The Generate new token popup window displays.

    generate-token.png
  5. Enter a name for the token and click Generate. Note down the API token and URL that display on screen to enter in Concerto later. The token does not display again when you close this window.;

    generate-token-success.png

Add a Versa SWG as Data Source

You must configure Microsoft Defender for Cloud Apps to accept logs from a Versa SWG by adding SWG as a data source on the Microsoft Defender for Cloud Apps portal.

To add an SWG as a data source:

  1. Log in to the Microsoft Defender for Cloud Apps portal.
  2. In the Microsoft Defender dashboard, click the Settings and then Cloud Apps.
  3. Select Cloud Discover > Automatic log upload in the left menu bar.

    mcas-data-sources-tab.png
  4. Click the Data sources tab and then click + Add data source. Enter the following information in the Add Data Source window. Ensure that the values are same as that provided in the field descriptions table for Microsoft Defender for Cloud Apps to receive data from SWG.

    add-data-source.png
     
    Field Description
    Name Enter the name as VersaSWG.
    Source Select Generic CEF log.
    Receiver type Select Syslog - UDP.
  5. Click Add.

Configure Log Collector

You configure a log collector in Microsoft Defender for Cloud Apps for it to share log data with Concerto.

To configure a log collector:

  1. In the Microsoft Defender dashboard, click the Settings and then Cloud Apps.
  2. Select Cloud Discover > Automatic log upload in the left menu bar.
  3. In the Automatic log upload window, click the Log collectors tab.

    mcas-log-collector-tab.png
  4. Click + Add log collector. Enter the following information in Create log collector window.

    create-log-collector.png
     
    Field Description
    Name Enter a name for the log collector, for example, VersaLogCollector.
    Host IP address or FQDN Enter the IP address or FQDN of the host server.
    Data Source(s) Select the data source (here, VersaSWG) that you added in Add Versa SWG as Data Source, above.
  5. Click Create. The following screen displays.

    create-log-collector-with-data.png

Enter Microsoft Defender for Cloud Apps API Token in Concerto

To integrate Concerto with Microsoft Defender for Cloud Apps, you use the API token that you generate from Microsoft Defender dashboard in Concerto.

To enter the Microsoft Defender for Cloud Apps API token in Concerto:

  1. Go to Configure > Security Service Edge > Settings > Partner Integration > Microsoft Defender Cloud Apps.

    concerto-mcas-token-enter.png
  2. In the MDCA Authentication Token field, enter the token that you generated and copied in Generate API Token, above.
  3. Click Test to check whether the token is valid. The following message displays if the token is valid.

    concerto-mcas-token-test.png
  4. Click Save to save the token.

    concerto-mcas-token-save.png
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
    Product
    Concerto
  2. Tags
    1. Microsoft Defender