App governance extends Defender for Cloud Apps to OAuth apps.
Capabilities
Insights.
Governance policies.
Detection of anomalies.
Automated remediation.
Enable app governance
Ensure Microsoft 365 is connected.
Go to Defender for Cloud Apps.
Select Settings.
Select App Governance.
Enable integration.
Save.
Policies appear shortly after.
Final exam reminders for Module 3
Application object ≠ service principal.
Delegated ≠ application permissions.
Admin consent is tenant-wide and powerful.
App roles appear in tokens.
SCIM and governance are lifecycle controls.