Shadow IT Discovery

Discover and assess unsanctioned cloud applications used across your organization. Identify risks and take action on unauthorized apps.

Discovery Methods

Method	Description
Defender for Endpoint	Automatic discovery from managed devices
Firewall logs	Upload proxy/firewall logs for analysis
API connectors	Direct app-to-app discovery

App Catalog

Over 31,000 cloud apps assessed and scored:

Risk score — 1-10 based on security, compliance, and legal factors
Category — Collaboration, storage, CRM, development, etc.
Compliance certifications — SOC 2, ISO 27001, GDPR, HIPAA
Usage data — Users, transactions, data volume

Actions

Sanction — Approve the app for organizational use
Unsanction — Block access via Defender for Endpoint
Monitor — Track usage without blocking
Tag — Categorize for policy management

API Reference

GET /api/security/cloud-apps/discovered — List discovered apps
PUT /api/security/cloud-apps/:id/sanction — Sanction app
PUT /api/security/cloud-apps/:id/unsanction — Block app

Last updated on February 13, 2026

Session Control Security (Defender)