A new Azure AD module in preview: Cloud App Discovery

A new Azure AD module in preview: Cloud App Discovery

  • Comments 14
  • Likes

Howdy folks,

Today I have the privilege to announce the preview of our new Cloud App Discovery features. These new features give IT visibility into which cloud apps are in use within the organization. You can try it for free here.

I've had the opportunity to meet with hundreds of enterprise customers this year, and one of the consistent things I've heard from them is "I know people are using SAAS apps in my company, but I don't know which ones".

All of these customers expressed concerns about unauthorized access to corporate data, possible data leakage and other security risks inherent in the application. And since they didn't even know how many apps or which apps were being used, even getting started building a plan to deal with these risks seems daunting.

Our new Cloud App Discovery service is our first step to help answer that question. It enables IT to easily determine which cloud apps are in use in the organization. IT can then take steps to integrate the applications with Azure Active Directory.

I've asked Girish Chander, who leads the Program Management team responsible for this feature, to give you a detailed walkthrough of Cloud App Discovery.

(Note: For the sake of agility, this new preview is not integrated into the Azure Management Portal. But it will be moved there by the time it GA's)

As always, we're looking forward to your feedback and suggestions!

Regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of PM

Active Directory Team

----------------------------------------------------------------------- 

Hi everyone,

I'm Girish Chander and for the last three months I've been driving the effort to design and build our Cloud App Discovery features. These features address one of the top pieces of feedback we've heard from customers. "Help me find out what apps my employees are using, so I can manage these applications better"

With Cloud App Discovery, IT can:

  • Get a summary view of total number of cloud applications in use and the number of users using cloud applications
  • See the top cloud applications in use within the organization
  • See top applications per category
  • See usage graphs for applications that can be pivoted on users, requests or volume of data exchanged with the application
  • Drill down into specific applications for targeted information
  • Easily proceed to integrate an application with Azure Active Directory

Here's how you can try it out for yourself

Step 1: Signing-up for the service

  1. Just go to Cloud App Discovery portal and click 'Get Started' on the top right.

 

  1. Sign in using your Organizational account.

 

If you don't already have one, don't worry, it's very easy to create one. Just follow the links on the screen.

 

  1. Consent to the Cloud app discovery service

    Only administrators are allowed to access the Cloud App Discovery portal. The Cloud App Discovery service needs consent to be able to authenticate admins of an organization using their Organizational account. The service also needs to be read the Directory to ensure that the user logging in, is an administrator.

Step 2: Getting data into the dashboard

The Cloud App Discovery service uses an agent to discover the applications in use. This cloud app discovery endpoint agent can be deployed on all machines in your organization that run Windows 7 or higher versions. These agents capture app usage information and send it over a secure, encrypted channel to the Cloud App Discovery service.

 

  1. Download the agent:

The first time you sign-up to the portal, you will be directed to download the Cloud App Discovery endpoint agent. After you download the agent, you can deploy it on any number of machines.

 

 

  1. Install the Agent on your machine

Installing the agent is a breeze and takes less than a minute. Extract the contents of the zip file and click the install.

  1. Verify the install if you like

    Open services.msc and look for a service called Microsoft Cloud App Discovery Endpoint agent

 

Please note: Install the endpoint agent on a machine where you actively work. Within a few minutes of installing the agent, you'll be able to see the information show up in the dashboard. The longer the agents run, the more information is collected.

If you go to the portal before we've had a chance to process any data from the agents, you may hit a message like the one below. Just wait for a few minutes and refresh the page. You should be able to see the data soon enough.

 

  1. Install the agent on multiple machines

To discover applications in use across the organization, deploy the agent on all machines in your organization. You can use any software distribution scheme you already have in place (like SCCM), to distribute the endpoint agent.

Step 3: Exploring the Portal

The Cloud App Discovery portal has a few pages that you can explore

  1. An interactive Dashboard which provides an executive summary including:
    1. The total number of cloud applications discovered
    2. The total number of users using these cloud applications
    3. Top 10 applications discovered that can be pivoted by:
      1. Number of web requests to the application
      2. Total volume of data uploaded and downloaded.
      3. Number of unique users.
    4. Usage trends over a selectable duration of time for the top 5 applications discovered.

 

  1. A comprehensive view into all applications discovered, in the apps page.

    Click on the 'apps discovered' tile on the dashboard to:

    1. Get a categorized view of all the cloud applications discovered.
    2. View Top applications within each category.
    3. Filter applications by category.
    4. Sort applications by recently discovery, most number of sessions, most volume of traffic and most number of unique users.

 

  1. Ability to drill into a specific application on a per-app page

    You can click on a specific application from the dashboard or the all apps page to drill down into a specific application. You can see:

    1. Total number of unique users that have used the application
    2. Total number of web requests made to the application
    3. Total volume of data uploaded and downloaded to the application.
    4. Usage trends over time across above pivots
    5. Link to integrate the application with AAD to provide users with SSO and give IT more control.

    For example, the following is the application for the 'Eloqua' application.

Across the portal you will find the ability to tweak the date range for the data you are viewing.

Tell us what you think!

Go on give the Cloud App Discovery Service is a try….it's free!

See how Azure Active Directory and the Cloud App Discovery feature can help your organization securely adopt cloud applications.

Over the next few weeks we'll continue to make improvements to this service and light up more value. Give us your feedback- we'd love to hear from you. Your inputs help us ensure that we deliver a solution that works for you. If you have any suggestions, questions, or comments, please use this forum.

Happy exploring!

-Girish

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • Is there a silent switch for the installer?

  • @Ryan, use /quiet.

    To get all the switches execute it with /?

  • Hi,
    Can I discover a custom application that my org. is using this and add the same to azure AAD to configure SSO.

  • is there an option to inspect on a proxy server or firewall rather than on all clients individually ?

  • This is a great post here. I really want check this blog every time because it gives us different ideas about a lot of things. https://foursquare.com/mikeoskarlong