How Defender for Cloud Apps helps protect your Zendesk

As a customer service software solution, Zendesk holds the sensitive information to your organization. Any abuse of Zendesk by a malicious actor or any human error may expose your most critical assets and services to potential attacks.

Connecting Zendesk to Defender for Cloud Apps gives you improved insights into your Zendesk admin activities and provides threat detection for anomalous behavior.

Main threats

• Compromised accounts and insider threats
• Data leakage
• Insufficient security awareness
• Unmanaged bring your own device (BYOD)

How Defender for Cloud Apps helps to protect your environment

• Detect cloud threats, compromised accounts, and malicious insiders
• Use the audit trail of activities for forensic investigations

Control Zendesk with policies

For more information about creating policies, see Create a policy.

Automate governance controls

In addition to monitoring for potential threats, you can apply and automate the following Zendesk governance actions to remediate detected threats:

For more information about remediating threats from apps, see Governing connected apps.

Protect Zendesk in real time

SaaS security posture management

Connect Zendesk to automatically get security posture recommendations for Zendesk in Microsoft Secure Score. In Secure Score, select Recommended actions and filter by Product = Zendesk. For example, recommendations for Zendesk include:

• Enable multi-factor authentication (MFA)
• Enable session timeout for users
• Enable IP restrictions
• Block admins to set passwords.

For more information, see:

• Security posture management for SaaS apps
• Microsoft Secure Score

Connect Zendesk to Microsoft Defender for Cloud Apps

This section provides instructions for connecting Microsoft Defender for Cloud Apps to your existing Zendesk using the App Connector APIs. This connection gives you visibility into and control over your organization's Zendesk use.

Prerequisites

• The Zendesk user used for logging into Zendesk must be an admin.
• Supported Zendesk licenses:
  • Enterprise
  • Enterprise Plus

  Connecting Zendesk to Defender for Cloud Apps with a Zendesk user that is not an admin will result in a connection error.

  Configure Zendesk

  

  1. Navigate to Admin ->Apps and integrations ->APIs ->Zendesk API ->OAuth Client and select Add OAuth client.
  2. Select New Credential.
  3. Fill out the following fields:
  4. Client name: Microsoft Defender for Cloud Apps (you can also choose another name).
  5. Description: Microsoft Defender for Cloud Apps API Connector (you can also choose another description).
  6. Company: Microsoft Defender for Cloud Apps (you can also choose another company).
  7. Unique identifier: microsoft_cloud_app_security (you can also choose another unique identifier).
  8. Redirect URL: https://portal.cloudappsecurity.com/api/oauth/saga
  • For US Government GCC customers, enter the following value: https://portal.cloudappsecuritygov.com/api/oauth/saga
  • For US Government GCC High customers, enter the following value: https://portal.cloudappsecurity.us/api/oauth/saga

  Configure Defender for Cloud Apps

  The Zendesk user that is configuring the integration must always remain a Zendesk admin, even after the connector is installed.

  

  1. In the Microsoft Defender Portal, select Settings. Then choose Cloud Apps. Under Connected apps, select App Connectors.
  2. In the App connectors page, select +Connect an app, followed by Zendesk.
  3. In the next window, give the connector a descriptive name, and select Next.
  4. In the Enter details page, enter the following fields and then select Next.
     • Client ID: the Unique identifier you used when you created the OAuth app in the Zendesk admin portal.
     • Client Secret: your saved secret.
     • Client endpoint: Zendesk URL. It should be .zendesk.com .
  5. In the External link page, select Connect Zendesk.
  6. In the Microsoft Defender Portal, select Settings. Then choose Cloud Apps. Under Connected apps, select App Connectors. Make sure the status of the connected App Connector is Connected.
  7. The first connection can take up to four hours to get all users and their activities in the seven days before the connection.
  8. After the connector's Status is marked as Connected, the connector is live and works.

  Microsoft recommends using a short lived access token. Zendesk doesn't currently support short lived tokens. We recommend our customers refresh the token every 6 months as a security best practice. To refresh the access token, revoke the old token by following Revoke Token. Once the old token is revoked, create a new secret and reconnect the Zendesk connector as documented above.

  System activities will be shown with the Zendesk account name.

  Rate limits

  The default rate limit is 200 requests per minute. To increase the rate limit, open a support ticket.

  The maximum rate limit for every subscription is described here.

  Next steps

  If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.