Q. What is Azure AD Cloud App Discovery?
A. Nearly every organization uses cloud services today however many cloud services are not centrally managed by the organizations IT department who can therefore not integrate a corporate cloud identity with the various cloud services. Trying to discover which cloud services are used within the organization can be very difficult traditionally as departments purchase services themselves. Azure AD Cloud App Discovery is a feature available with Premium Azure AD that enables the gathering of cloud services utilized within an organization and then presents the information in a cloud based dashboard which shows the cloud services used, how much they are used, which users are using them and out of the applications which are managed and which are unmanaged by Azure AD.
Azure AD Cloud App Discovery works by deploying a small agent to all the machines in your environment which report directly to the service hosted in Azure. All traffic to cloud services from the client that uses HTTP or HTTPS will be captured by the agent whether it originates from an application or a web browser (even if in private mode).
To get started ensure you have Azure AD Premium and add the Azure AD Cloud App Discovery to your subscription from the Azure marketplace (through the Azure portal at https://portal.azure.com). Once the service is added open the Settings and select Manage Agent then select the User consent option. There are three options available and one must be selected before the agent can be downloaded and deployed. Either:
- No notification or consent required
- Require notification
- Require user consent
Make a selection and click Update. The option to download the client will be available. The download is a ZIP file containing the agent and a tenant specific certificate which is what configures the agent to report to the correct Azure AD Cloud App Discovery instance.
The agent can be deployed manually or via Configuration Manager, Group Policy or any other software deployment technology. Once the agent is deployed to a machine the data will start to be shown in the portal within about 10 minutes.
You will also receive a weekly email summarizing the applications discovered and the number of users that are utilizing them.
Some useful articles are:
- Azure AD Cloud App Discovery - http://social.technet.microsoft.com/wiki/contents/articles/24037.cloud-app-discovery-frequently-asked-questions.aspx
- Getting started with Cloud App Discovery - http://social.technet.microsoft.com/wiki/contents/articles/30962.getting-started-with-cloud-app-discovery.aspx
- Deploy agent with Configuration Manager - http://social.technet.microsoft.com/wiki/contents/articles/30968.cloud-app-discovery-system-center-deployment-guide.aspx
- Deploy agent with Group Policy - http://social.technet.microsoft.com/wiki/contents/articles/30965.cloud-app-discovery-group-policy-deployment-guide.aspx