This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 87%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENM%3C/text%3E%3C/svg%3E)
The CIS Benchmark 2.1 for Azure recommends integrating Microsoft Defender for Cloud Apps with Microsoft Defender for Cloud by selecting the appropriate setting. However, the method described in the CIS document does not work for us as we cannot find the "Integrations" blade in Defender for Cloud. How can we integrate these two services?
Here are the steps mentioned in the CIS document that we tried to follow:
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 27%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Hello @Neha Mittal,
Thank you for posting your query on Microsoft Q&A.
Based on your description, it seems you are following the CIS Benchmark 2.1.0 document, specifically the recommendation to "Ensure Microsoft Defender for Cloud Apps is enabled and configured."
From what you've mentioned, it looks like you've followed the steps to enable "Allow Microsoft Defender for Cloud Apps to access my data," but you're unable to find the integration blade itself.
It's possible that the CIS document you're using may be outdated and hasn't been updated with the latest features. Could you please share the CIS document you're following so I can review it?
To integrate with Microsoft Defender for Cloud, navigate to the Environment Settings blade, then Defender plans > Settings & Monitoring, and enable Endpoint protection. This will integrate with Defender for Cloud.
To check whether this integration is already enabled, I recommend following the instructions in the documentation below. You can run the HTTP request by clicking "Try it" to check the output, which will show whether "Allow Microsoft Defender for Cloud Apps to access my data" is set to true or false.
Check Defender for Cloud settings
Please let me know the output from above API request.
Thanks,
Raja Pothuraju.
Hello @Neha Mittal,
Following up to see if the below suggestion was helpful. And, if you have any further query do let us know.
Hello @Neha Mittal,
Following up to see if the below suggestion was helpful. And, if you have any further query do let us know.
Hello @Raja Pothuraju Thanks for your inputs. I can confirm the MCAS settings for the subscription is true- "value": [
{
"id": "/subscriptions/xxxxx/providers/Microsoft.Security/settings/MCAS",
"name": "MCAS",
"type": "Microsoft.Security/settings",
"kind": "DataExportSettings",
"properties": {
**"enabled": true**
}
However i cant find any reference in Microsoft documentation which states that enabling "Endpoint Protection" enables integration between Microsoft Defender for Cloud Apps with Microsoft Defender for Cloud. Can you please provide any reference.
I need to understand is this MCAS by default came "True" or someone other policy planned enabled it.
CIS Benchmark 2.1.0 is the latest documentation. This control is 2.1.20 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected (Manual)
Profile Applicability: • Level 2
Description: This integration setting enables Microsoft Defender for Cloud Apps (formerly 'Microsoft Cloud App Security' or 'MCAS' - see additional info) to communicate with Microsoft Defender for Cloud.
Rationale: Microsoft Defender for Cloud offers an additional layer of protection by using Azure Resource Manager events, which is considered to be the control plane for Azure. By analyzing the Azure Resource Manager records, Microsoft Defender for Cloud detects unusual or potentially harmful operations in the Azure subscription environment. Several of the preceding analytics are powered by Microsoft Defender for Cloud Apps. To benefit from these analytics, subscription must have a Cloud App Security license. Microsoft Defender for Cloud Apps works only with Standard Tier subscriptions. Impact: Microsoft Defender for Cloud Apps works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.
Audit: From Azure Portal 1. From Azure Home select the Portal Menu 2. Select Microsoft Defender for Cloud 3. Select Environment Settings blade 4. Click on the subscription name 5. Select the Integrations blade 6. Ensure setting Allow Microsoft Defender for Cloud Apps to access my data is selected.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 59%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHR%3C/text%3E%3C/svg%3E)
Thanks for your feedback. I can confirm that this was not helpful and possibly is not what CIS meant. Following powershell command is from CIS:
Get-AzSecuritySetting | Select-Object name,enabled |where-object {$_.name -eq "MCAS"}
and enabling (on) and disabling (off) the Endpoint protection has no effect on the result of the powershell command!