Microsoft Cloud App Security Integration Guide

Microsoft Cloud App Security’s activity policies allow you to enforce a wide range of automated processes using the app provider’s APIs. These policies enable you to monitor specific activities carried out by various users, or to track unexpectedly high rates of a particular type of activity.

After you set an activity detection policy, it starts to generate alerts. Alerts are only generated on activities that occur after you create the policy.

In PagerDuty

  1. From the Configuration menu, select Services.
  2. On your Services page:

    If you are creating a new service for your integration, click +Add New Service.

    If you are adding your integration to an existing service, click the name of the service you want to add the integration to. Then click the Integrations tab and click the +New Integration button.

  3. Select your app from the Integration Type menu and enter an Integration Name.

    If you are creating a new service for your integration, in General Settings, enter a Name for your new service. Then, in Incident Settings, specify the Escalation Policy, Notification Urgency, and Incident Behavior for your new service.

  4. Click the Add Service or Add Integration button to save your new integration. You will be redirected to the Integrations page for your service.

  5. Copy the Integration Email for your new integration.

In Microsoft Cloud App Security

  1. In the console, click Control, then Policies.
  2. Click Create policy and select Activity Policy.
  3. Give your policy a name and description. If you want, you can base it on a template; for more information on policy templates, see Control cloud apps with policies.
  4. To set which actions or other metrics will trigger this policy, work with the Activity filters.
  5. Under Activity match parameters, select when a policy violation will be triggered. Choose to trigger when a single activity matches the filters or only when a specified number of Repeated activities are detected.
  6. Configure the Actions that should be taken when a match is found.
  7. Under Alerts, check Send alert as email and enter your PagerDuty integration email.

FAQ

Can you integrate Microsoft Cloud App Security with multiple PagerDuty services?

Yes. To do this, you can create different email integrations on multiple services and add them within Microsoft Cloud App Security. You can also configure multiple services within PagerDuty to share the same email integration address.

Do incidents resolve automatically in PagerDuty when they are resolved in Microsoft Cloud App Security?

No, not at this time.
