Skip to main content


This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!

Step 1: Enable console access

You can create either a local account or an AD user through

  1. Go to to create a new user.

  2. Scroll to Users and click Active Users.

  3. Select Add a user.

  4. Set Expel as first name and SOC as last name.

  5. Scroll to the bottom and grant global reader role for the user.

Step 2: Generate API credentials

  1. Go to the MDCA portal using the account credentials created in Step 1.

  2. Go to the Settings menu and select Security extensions and then API tokens.

    Screen Shot 2021-03-05 at 12.40.26 PM.png
  3. Generate a new token, provide a name to identify the token, and click Next.

  4. Copy the token value and save it somewhere safe. You need this later.

  5. After you generate a new token, you're provided with a new URL to access Microsoft Defender for Cloud Apps.


    The token has the privileges of the user created in Step 1 who issued it.

Step 3: Configure the technology in Workbench

  1. In a new browser tab, login to

  2. On the console page, navigate to Settings and click Security Devices.

  3. At the top of the page, click Add Security Device.

  4. Search for and select your technology.

    • For Name type the host name of the Microsoft Defender for Cloud Apps device.

    • For Location type the geographic location of the appliance.

    • For URL, type from Step 2.

    • For Token, type from Step 2.

MCAS, MS Cloud App Security, MS Defender, Microsoft Cloud Application Security