Microsoft Entra ID · Security & Compliance
Cloud App Security Administrator
Full permissions in Microsoft Defender for Cloud Apps including adding administrators, policies, and governance actions.
Scope: Full administration of Microsoft Defender for Cloud Apps
Permissions
- Add Defender for Cloud Apps administrators
- Create and modify policies
- Upload logs for analysis
- Perform governance actions
- Full admin access to MCAS
Common use cases
- Cloud app discovery
- Shadow IT detection
- Data loss prevention
- Threat detection for cloud apps
Best practices
- Configure app discovery
- Set up alerts for anomalies
- Review governance policies
- Monitor sanctioned apps
Security considerations
- Full access to cloud app data
- Can perform governance actions
- Can block apps organization-wide