Latest Discussions
Using Microsoft Defender for Cloud Apps to block apps on managed devices.
Greetings, I have been tasked to work with Microsoft Defender for Cloud Apps and to block the usage of the Firefox browser on all endpoints within my estate apart from a few users who require it. I have tried the unsanctioned app feature. This only displays a warning prompt but users can still proceed with using and interacting with the application. We have already configured web content filtering and it works fine. I already looked up other articles relating to downloading a block script but that applies to other security appliances such as firewalls which we don't want to get into. Is there a convenient way to block certain apps' usage by solely using Microsoft Defender for Cloud Apps or is this platform only used for monitoring purposes and cannot really block the app by unsanctioning it?
CrestonV | Jan 21, 2025 | Copper Contributor | 49 Views | 1 like | 3 Comments

MCAS API Connector - Connect GCP - Error: Failed to create sink via Stackdriver Logging API
Hi Everyone, I follow the Microsoft official procedure (Link: https://docs.microsoft.com/en-us/cloud-app-security/connect-google-gcp-to-microsoft-cloud-app-security) to connect GCP to MCAS through API Connector. Unfortunately when I'm going to connect GCP the MCAS report the following error: Error: Failed to create sink via Stackdriver Logging API. Any suggestion? Is there a way to solve this issue? Thanks in advance. Regards, Vittorio (Security Team Lead)
VittorioAddeoSec | Jan 21, 2025 | Copper Contributor | 2.1K Views | 2 likes | 3 Comments

Cloud Discovery policy - Governance action - Scoped profile missing
Hi everyone, I wanted to create a Cloud Discovery policy that automatically tags some applications as unsanctioned but only for scoped profiles. When tagging cloud applications manually, it's possible to scope it to a profile: However, this option doesn't exist in the governance actions section: Is there any other way to create policies that can tag but only for a device group/scoped profile? Cheers,
MatheoBt | Dec 11, 2024 | Copper Contributor | 17 Views | 0 likes | 0 Comments

Cloud Discovery Dashboard not updating
We successfully integrated the MDCA with Zscaler on 10th Sep 10 AM. From that Time until 11th Sep 9:08 PM, data was getting updated in the console but after that it is showing Updated on Sep 11, 2024, 9:08 PM. Under Governance log - last parse Cloud discovery log shows success at 11/9/2024, 21:07:51. There is nothing in pending or failed state. Automatic log upload (under settings) shows 362 uploaded logs, last data received 11 Sep 2024, Modified date 13 Sep 2024. Please suggest why Dashboard is not updating.
Solved | Sochito | Nov 24, 2024 | Brass Contributor | 353 Views | 0 likes | 2 Comments

Unsanctioned to all, exclude to some
Dear reader, I have configured the asset rules and device tagging. I need to deploy certain apps as unsanctioned to all W11 devices and exclude the same apps to certain devices who have a device tag I configured for exclusion. The problem I am having is that the devices that need to be excluded, with the device tag "Exclude", are also part of the device tag "W11". I could exclude them from the W11 device tagging but that would mean they would be excluded from all other policies that are targeted to the W11 tag, which is not desirable. I was hoping for a solution as how you would deploy in Intune, with include and exclude groups, but it doesn't look like the Defender platform supports this. I have been testing with exclude entities but this does not give the result I am looking for. Can someone help me? Maybe you had the same issue and found some smart way around this? 🙂 Thank you in advance!
AWulle | Nov 08, 2024 | Copper Contributor | 631 Views | 0 likes | 4 Comments

Block Sensitive Data Upload to External SharePoint Online Tenants
We need to block the ability of Users, who are serving the notice period, to upload any Confidential labelled documents to external SharePoint Online Tenants. What is the best way to do this please?
Sochito | Nov 08, 2024 | Brass Contributor | 86 Views | 0 likes | 8 Comments

Teams cloud app policy template not showing
Below should be available since last year, but I don't see them in my list. Access level change (Teams): Alerts when a team's access level is changed from private to public. External user added (Teams): Alerts when an external user is added to a team. Mass deletion (Teams): Alerts when a user deletes a large number of teams. We have the Microsoft 365 E5-security license. Do we need another license for that?
Solved | MichelA__ | Nov 07, 2024 | Copper Contributor | 128 Views | 0 likes | 5 Comments

Conditional access policy not recognised
Hello everyone, We're evaluating Cloud Apps session/conditional access/session policies but have hit a weird snag. We have created a conditional access policy in EntraID with session control of Use Conditional Access App Control. This was initially set to Monitor Only (Preview). I then signed in with the test user and logged into the various 365 services, and confirmed these apps were onboarded into the Conditional Access App Control apps page. So far so good. However when I've attempted to create either an Access or Session Policy in the Cloud Apps Policy Management section, there is an error saying that there are no conditional access policies set up. I changed the conditional access policies in Entra ID to "Custom Policy" and waited a few hours, but still getting the error. I have created additional conditional access policies in EntraID from scratch and waited overnight, but it still seems that EntraID and the Cloud Apps parts aren't talking with each other. When I create a policy, I get a warning that there isn't a corresponding CA policy. The Access/Session policy is created, but has [Entra ID Policy Missing] in the title. I'm not sure where I'm going wrong with this. I've followed various guides and checked various forums but aside from the obvious I'm at a loss. Has anyone else come up against this before, or should I raise a ticket with MS to look at the back end? Thanks in advance, Mark
HidMov | Oct 29, 2024 | Steel Contributor | 764 Views | 0 likes | 4 Comments

MCAS Log on Event
Last night I had a Sentinel alert for logon from IP address associated with password spray. Alert was triggered from threat indicator matching IP address. OK no big deal, wasn't a password spray. In tracking this down I see the user is external in MCAS. I find no files shared with the user, no teams message activity, no email to the user.... nothing. My question is, what could the logon event be from?
JeffR_CNY | Oct 25, 2024 | Copper Contributor | 141 Views | 0 likes | 1 Comment

Tags
- Cloud App Security: 524 Topics
- Cloud Discovery: 107 Topics
- Data Protection: 66 Topics
- App Connectors: 55 Topics
- Threat Protection: 53 Topics
- azure active directory: 12 Topics
- Cloud Security: 10 Topics
- mcas: 9 Topics
- azure: 8 Topics