Securing AI Applications with Microsoft Defender for Cloud Apps (MDA)
This article summarizes a webinar presentation by Greg Viska, Product Manager for Defender for Cloud Apps, focusing on how MDA can be used to protect organizations adopting AI applications. The presentation covers discovering, governing, and securing AI applications, including Microsoft Copilot, with a focus on data security and compliance.
The Rise of AI and Associated Security Risks
Organizations are rapidly adopting AI, with over 93% interested in developing and implementing AI strategies. However, a significant majority (90%) feel underprepared to handle the risks associated with these applications.
Key challenges include:
- Lack of visibility into risks.
- Lack of controls to protect data shared in AI.
- Concerns about data security, ensuring sensitive data exchanged between users and apps is protected.
- Increased regulatory pressure and the need for compliance with new data protection regulations.
These challenges are causing concern among security leaders, with almost half considering disabling AI applications in the workplace.
Microsoft Security's Comprehensive AI Security Solutions
Microsoft Security offers a suite of solutions, including Microsoft Defender, Entra, Purview, and Intune, to enable secure and responsible AI adoption. These solutions work together to secure data and interactions in AI applications, whether they are Copilot for Microsoft 365 or thirdparty AI apps.
This article focuses on Microsoft Defender for Cloud Apps (MDA) and its capabilities in providing security for SaaS generative AI applications.
Demo 1: Discovering and Governing ThirdParty AI Applications
The first demo showcases how to discover and govern thirdparty AI applications using MDA's discovery functionality. This involves:
- Leveraging MDA's cloud discovery feature to identify AI applications in use within the organization.
- Utilizing MDA's AI application catalog, which categorizes over a thousand AI apps, to identify and assess risks.
- Creating policies to sanction or unsanction risky AI applications based on their risk scores and compliance requirements.
The demo highlights how to use the risk score to prioritize applications for review and how to create policies to block access to applications with unacceptable security and compliance risks. Integrating with Microsoft Defender for Endpoint (MDE) provides immediate blocking capabilities.
Demo 2: Securing and Governing Copilot for Microsoft 365
The second demo focuses on securing and governing Copilot for Microsoft 365, highlighting how a compromised user could potentially exfiltrate sensitive information using Copilot.
The demo illustrates:
- How Copilot can be used to search for sensitive information, such as project names and financial data.
- How MDA can detect potentially risky activity, such as unusual access to sensitive files through Copilot.
- The use of incidents and alerts in MDA to identify and investigate suspicious Copilot interactions.
- The importance of monitoring user activity and investigating potential data exfiltration attempts.
Advanced Hunting for Proactive Threat Detection
The demo also covers using Advanced Hunting in Microsoft Defender to proactively search for activities related to Copilot and sensitive data exposure. This includes:
- Building custom queries to identify users accessing specific keywords or sensitive information via Copilot.
- Creating custom detection rules to automatically trigger alerts when suspicious activity is detected.
This allows security teams to proactively identify and respond to potential threats related to Copilot and data security.
Conclusion
Microsoft Defender for Cloud Apps provides valuable tools and capabilities for organizations looking to securely adopt AI applications. By leveraging MDA's discovery, governance, and threat detection features, organizations can mitigate the risks associated with AI and ensure data security and compliance. The examples demonstrated highlights the importance of proactive monitoring and the use of Advanced Hunting to identify and respond to potential threats.