8.4 Defender for Cloud Apps
Key Takeaways
- Defender for Cloud Apps is the Defender product for CASB and SaaS app discovery and control.
- Do not confuse Defender for Cloud Apps with Defender for Cloud.
- SaaS application wording is the strongest cue for Cloud Apps questions.
- Cloud resource posture and workload protection belong to Defender for Cloud, not Cloud Apps.
CASB and SaaS App Discovery
Defender for Cloud Apps is the Defender service the source brief defines as Cloud Access Security Broker (CASB) and SaaS app discovery and control. This is one of the most important product-matching traps in the security solutions domain because the name sounds close to Defender for Cloud. The protected area is different.
Defender for Cloud Apps focuses on SaaS application discovery and control. Defender for Cloud, covered in the previous chapter, protects cloud resources and posture or workloads. If the scenario says SaaS apps, app discovery, or CASB, choose Defender for Cloud Apps. If it says cloud resources, cloud workload protection, cloud security posture, secure score, recommendations, policies, or standards, choose Defender for Cloud.
| Scenario cue | Correct product | Reason |
|---|---|---|
| CASB | Defender for Cloud Apps | Source brief names CASB for this product |
| SaaS app discovery and control | Defender for Cloud Apps | This is the direct product boundary |
| Cloud resources and posture | Defender for Cloud | Different Defender product |
| Cloud workload protection | Defender for Cloud | Workload protection is not Cloud Apps |
The word cloud by itself is not enough. Read the noun after it. Cloud apps means SaaS application usage and control. Cloud resources means infrastructure, posture, policies, standards, recommendations, and workload protection. SC-900 often tests these near-name distinctions because candidates can memorize only part of the product title and miss the actual scenario.
Also keep Cloud Apps separate from Defender for Office 365. Office 365 is email and collaboration workload protection. Cloud Apps is SaaS app discovery and control. A collaboration service may be a SaaS app in everyday language, but the exam cues in the source brief are more precise: use the product boundary the prompt gives you.
Use this decision list:
-
CASB wording means Defender for Cloud Apps.
-
SaaS app discovery means Defender for Cloud Apps.
-
SaaS app control means Defender for Cloud Apps.
-
Cloud posture or secure score means Defender for Cloud.
-
SIEM or SOAR means Microsoft Sentinel.
Defender for Cloud Apps belongs inside the Microsoft Defender XDR services group named in the source brief. It is a security solution, not a Microsoft Purview compliance feature and not a Microsoft Entra identity governance feature. The protected surface is SaaS app usage.
Cloud Apps Decision Check
The safest Cloud Apps answer comes from reading the noun after cloud. Cloud Apps is about SaaS application discovery and control. Cloud resources, posture, recommendations, standards, secure score, and workload protection point to Defender for Cloud instead, which is a separate product covered in the previous chapter.
-
CASB means Defender for Cloud Apps.
-
SaaS app discovery means Defender for Cloud Apps.
-
Cloud posture or workload protection means Defender for Cloud.
Which product should you choose for CASB and SaaS app discovery and control?
Which cue points to Defender for Cloud rather than Defender for Cloud Apps?
What is the safest way to avoid the Defender for Cloud Apps naming trap?