Latest Discussions
MCAS Webinar Q&A
Many people have registered for our webinar (https://aka.ms/MCASWebinar). We're thrilled to see such interest, but it also means we'll likely get a large volume of questions on the call, and it may not be possible to respond to every one in real time. We will do our best to get your question answered directly on the call, and we'll have several dedicated team members just to respond to the questions; however, I wanted to provide an additional mechanism for any questions we're unable to get to. This post will be used for any questions that didn't get addressed on the call. We'll be reviewing the transcript of questions after the call and we'll post answers here. This may take a day or two, so please check back soon. If you were unable to attend the call, note that you can find the recordings here: https://aka.ms/MCASRecordings. Feel free to reply to this post with any questions you have.
6.6K Views | 3 likes | 31 Comments

Valid Client Certificate Setup
How do you get valid client certificate to work? What I have so far:
1. CA with Intermediate, User Certificate Template cloned for this purpose
2. Issued a cert to my domain desktop and iOS device
3. Enabled a conditional access policy for custom MCAS policy
4. Root and intermediate cert upload to MCAS
5. MCAS policy to block if there is no valid client certificate.
The block works; I get the "test block" message. But I can't get the client certificate prompt or figure out why it won't prompt for certificate. My end goal is to test valid client certificate against a few 3rd party iOS apps where device certificate/standard device compliance checkbox doesn't work in conditional access.
gd-29 | Aug 12, 2019 | Brass Contributor | 13K Views | 0 likes | 25 Comments

MDATP Integration - Unsanctioned Apps - Allow for some users?
Hi, I've reviewed the documentation @ https://docs.microsoft.com/en-us/cloud-app-security/governance-discovery in relation to blocking unsanctioned apps - specifically using MDATP on Win10 endpoints. The documentation doesn't mention anything about governance when using MDATP - Is the functionality similar to the integration with Zscaler and iBoss, where once an app is tagged as unsanctioned it is blocked on the endpoint for all users? Is there any way to provide greater granularity to the process - i.e. allow an app for some users and not for others, or is it a binary choice for the entire organisation? Thanks Paul
PJR_CDF | Dec 17, 2019 | Iron Contributor | 14K Views | 1 like | 25 Comments

MacOS / MDATP - MCAS Integration
Currently the MDATP powered cloud discovery, application blocking and other capabilities are restricted to Windows 10 devices. Does the development roadmap for MDATP and MCAS have the same capabilities in development for Mac? Can we expect feature parity in areas like this as the Mac MDATP platform matures?
Solved | kylemiller061 | Mar 16, 2020 | Brass Contributor | 15K Views | 3 likes | 22 Comments

Microsoft ATP missing in CAS settings
We integrated MS Defender ATP with CAS and data is showing in Cloud Discovery Dashboard and logs are uploaded fine. But in CAS/Settings/Cloud Discovery there's no entry for "Microsoft Defender ATP" where we can switch on blocking unsanctioned apps. Also, in Settings all System settings, like "Organization details", "Mail settings" are missing. Searching the web didn't give me any clue.
MCJM1 | Apr 22, 2020 | Copper Contributor | 3.7K Views | 0 likes | 19 Comments

Impossible travel alerts on failed logins
I am picking up impossible alerts that are not relevant. I have specified successful logins only for the Impossible Travel policy but it is still alerting on what seems like failed logins. It is also displaying all the failed logins on the details. My goal is to use flow and email the user to the activity and if they are unaware of the travel they can contact support. The issue is that it is reporting all the impossible travel in the details of failed logins which will only confuse the user. Is there a way to only report successful events for Impossible Travel policy?

EXAMPLE DETAILS OF EVENT - These are all failed logins outside the US though.
- The user was active from 210.217.32.25 in Korea and 8.41.93.10 in United States within 270 minutes.
- The user was active from 85.175.226.82 in Russia and 8.41.93.10 in United States within 382 minutes.
- The user was active from 182.71.16.42 in India and 8.41.93.10 in United States within 686 minutes.
- The user was active from 222.223.41.92 in China and 8.41.93.10 in United States within 690 minutes.
- The user was active from 210.217.32.25 in Korea and 2600:387:9:5::b6 in Puerto Rico within 317 minutes.
- The user was active from 8.41.93.10 in United States and 2600:387:9:5::b6 in Puerto Rico within 46 minutes.
- The user was active from 182.71.16.42 in India and 2600:387:9:5::b6 in Puerto Rico within 732 minutes.
- The user was active from 222.223.41.92 in China and 2600:387:9:5::b6 in Puerto Rico within 736 minutes.
- The user was active from 85.175.226.82 in Russia and 2600:387:9:5::b6 in Puerto Rico within 429 minutes.
- The user was active from 2600:387:9:5::b6 in Puerto Rico and 201.140.110.78 in Mexico within 35 minutes.
- The user was active from 210.217.32.25 in Korea and 201.140.110.78 in Mexico within 353 minutes.
- The user was active from 182.71.16.42 in India and 201.140.110.78 in Mexico within 768 minutes.
- The user was active from 222.223.41.92 in China and 201.140.110.78 in Mexico within 772 minutes.
- The user was active from 85.175.226.82 in Russia and 201.140.110.78 in Mexico within 465 minutes.
Tim Settar | Jul 09, 2019 | Copper Contributor | 10K Views | 2 likes | 17 Comments

Azure AD join device list export
Hi all, Can you please help me to export Azure AD join device list from azure portal? Thanks and Regards, Shubham Kumar
Solved | Shubham kumar | Nov 23, 2018 | Copper Contributor | 45K Views | 0 likes | 14 Comments

Exclude Users or Devices
Hello Community Members, we have some unsanctioned apps in MCAS and created a service user which still should have access to those domains. Is it possible to exclude users or devices so that they won't be blocked when accessing the domains? Thanks in advance 🙂
Ugur_Koc | Jul 06, 2021 | Brass Contributor | 7.1K Views | 0 likes | 14 Comments

Conditional Access using certificate from Internal PKI
Hi all, Fairly new to Conditional Access. I have a scenario where we want to stop users accessing Office 365 applications if they are coming in from an external connection and don't have a certificate present issued by our internal PKI. Is there a policy that we can configure in conditional access that says: I am coming in from an external connection, look for a user/computer certificate on this device (be that laptop or mobile) and if present allow access. If not present, block access. Primarily the goal is to stop users accessing Office 365 from non-corporate, external devices. This seems to fit the bill: https://docs.microsoft.com/en-gb/cloud-app-security/proxy-deployment-aad. Am I on the right track here? Could configure an app control policy for Office 365, and add a device control/tag to specify a valid client certificate is required? Regards ND
Natalie Dellar | Nov 20, 2018 | Copper Contributor | 25K Views | 0 likes | 13 Comments
Tags
- Cloud App Security: 524 Topics
- Cloud Discovery: 107 Topics
- Data Protection: 66 Topics
- App Connectors: 55 Topics
- threat protection: 53 Topics
- azure active directory: 12 Topics
- microsoft defender for cloud apps: 12 Topics
- cloud security: 10 Topics
- mcas: 9 Topics
- azure: 8 Topics