Rule 2 - Defender for Cloud Apps CI-to-CI Relationships

Rule Synopsis

These are the rule/s that automatically determine and create the CI-to-CI relationships (dependencies) for each MS Defender for Cloud Apps Resource/CI Type.

Rule Details and Default

The default rule/s are described by the table below which show the default CI-to-CI Relationships per Resource/CI Type.

Resource/CI Types	Relationships
Cloud Apps	User uses Cloud App This User relationship is optionally offered on the Relationships Page (i.e. in Step 3) when creating a CI Sync Run Job. The relationship is optional based on a CI Sync Connection Setting. User Synchronization and creation of this User uses Cloud App relation is disabled by default. To enable the User uses Cloud App relationship please read the connection setting guide here: Allow User Synchronization for Defender for Cloud Apps

Resource/CI Types

Relationships

Cloud Apps

User uses Cloud App

This User relationship is optionally offered on the Relationships Page (i.e. in Step 3) when creating a CI Sync Run Job.

The relationship is optional based on a CI Sync Connection Setting. User Synchronization and creation of this User uses Cloud App relation is disabled by default.

To enable the User uses Cloud App relationship please read the connection setting guide here: Allow User Synchronization for Defender for Cloud Apps

Override Options

Context

Customers may consider overriding the default rule to support synchornization of the users using Cloud Applications (as discovered and determined by MS Defender for Cloud Apps).

Options

The rule can be amended so CI Sync creates relationships in ServiceNow between the Business Application CIs (created from Cloud Apps read from Defender) and the users of those Business Applications (as discovered and determined by MS Defender for Cloud Apps). The relationships created are many-to-many (i.e. one business application can have many users using it, and one user can be user of many business applications).

Overriding via Connection Settings

Customers can perform the override using a “Connection Setting” via the CI Sync User Interface (i.e. customers can perform the overrides themselves). Additional information for this is available via the following documentation:

For a general overview of CI Sync Connection Settings please read Understanding the use of CI Sync Connection Settings.
For the specific CI Sync Connection Setting/s related to the rule described on this page please read Allow User Synchronization for Defender for Cloud Apps.

For documentation on all CI Sync Connection Settings please visit the page tree Connection Setting Guides.

Additional Information

N/A

Support Model for Rule Overrides

Question: Can overrides be performed by customers without a Syncfish Extended Implementation and Support Plan?

Answer: Yes (via self-service in the CI Sync UI)

Question: Which Syncfish Extended Implementation and Support Plan is required to obtain overrides of this rule

Answer: Either a Bronze Plan, Silver Plan or Gold Plan (for customers wanting Syncfish assistance to perform overrides of this rule)