Microsoft Defender for Cloud Apps Integration Guide

Microsoft Defender for Cloud Apps’ activity policies allow you to enforce a wide range of automated processes using the app provider’s APIs. These policies enable you to monitor specific activities carried out by various users, or to track unexpectedly high rates of a particular type of activity.

After you set an activity detection policy, it starts to generate alerts. Alerts are generated only for activities that occur after you create the policy.

In PagerDuty

  1. Go to the Services menu and select Service Directory.
  2. On the Service Directory page:
    • If you are creating a new service for your integration, click +New Service and follow the steps outlined, selecting this integration in step 4.
    • If you are adding your integration to an existing service, click the name of the service you want to add the integration to. Then click the Integrations tab and click Add a new integration.
  3. Under Select the integration(s) you use to send alerts to this service, search for and select this integration.
  4. Click the Add Service or Add Integration button to save your new integration. You will be redirected to the Integrations page for your service.
  5. Find the integration in the list, click the dropdown and copy the Integration Email.

In Microsoft Defender for Cloud Apps

  1. In the console, click Control, followed by Policies.
  2. Click Create policy and select Activity Policy.
  3. Give your policy a name and description. If you want, you can base it on a template; for more information on policy templates, see Control cloud apps with policies.
  4. To set which actions or other metrics will trigger this policy, work with the Activity filters.
  5. Under Activity match parameters, select when a policy violation will be triggered. Choose to trigger when a single activity matches the filters or only when a specified number of Repeated activities are detected.
  6. Configure the Actions that should be taken when a match is found.
  7. Under Alerts, check Send alert as email and enter your PagerDuty integration email.

FAQ

Can you integrate Microsoft Defender for Cloud Apps with multiple PagerDuty services?

Yes. To do this, create different email integrations on multiple services and add them within Microsoft Defender for Cloud Apps. You can also configure multiple services within PagerDuty to share the same email integration address.

Do incidents resolve automatically in PagerDuty when they are resolved in Microsoft Defender for Cloud Apps?

No, not at this time.
