Microsoft Defender for Endpoint (MDE) must enable Microsoft Defender for Cloud Apps.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-275985 | SRG-APP-000279 | MSDE-00-000800 | SV-275985r1119715_rule | 2025-11-25 | 1 |
| Description |
|---|
| Malicious code protection mechanisms include, but are not limited to, antivirus and malware detection software. To minimize potential negative impact to the organization that can be caused by malicious code, it is imperative that malicious code is identified and eradicated. This setting forwards Microsoft Defender for Endpoint signals to Defender for Cloud Apps, giving administrators deeper visibility into both sanctioned cloud apps and shadow IT. It also grants the ability to block unauthorized applications when the custom network indicators setting is turned on. Forwarded data is stored and processed in the same location as Cloud App Security data. |
| ℹ️ Check |
|---|
| Access the MDE portal as a user with at least an MDE Administrator or equivalent role: 1. In the navigation pane, select Settings >> Endpoints >> Advanced features (under General). 2. Verify the slide bar for "Microsoft Defender for Cloud Apps" is set to "On". If the slide bar for "Microsoft Defender for Cloud Apps" is not set to "On", this is a finding. |
| ✔️ Fix |
|---|
| Access the MDE portal as a user with at least an MDE Administrator or equivalent role: 1. In the navigation pane, select Settings >> Endpoints >> Advanced features (under General). 2. Set the slide bar for "Microsoft Defender for Cloud Apps" to "On". |