Latest Discussions
Using Microsoft Defender for Cloud Apps to block apps on managed devices.
Greetings, I have been tasked to work with Microsoft Defender for Cloud Apps and to block the usage of the Firefox browser on all endpoints within my estate apart from a few users who require it. I have tried the unsanctioned app feature. This only displays a warning prompt but users can still proceed with using and interacting with the application. We have already configured web content filtering and it works fine. I already looked up other articles relating to downloading a block script but that applies to other security appliances such as firewalls which we don't want to get into. Is there a convenient way to block certain apps' usage by solely using Microsoft Defender for Cloud Apps or is this platform only used for monitoring purposes and cannot really block the app by unsanctioning it?
CrestonV | Jan 16, 2025 | Copper Contributor | 210 Views | 1 like | 4 Comments

Cloud Discovery policy - Governance action - Scoped profile missing
Hi everyone, I wanted to create a Cloud Discovery policy that automatically tags some applications as unsanctioned, but only for a scoped profile. When tagging cloud applications manually, it's possible to scope it to a profile. However, this option doesn't exist in the governance actions section. Is there any other way to create policies that can tag but only for a device group/scoped profile? Cheers,
MatheoBt | Dec 11, 2024 | Copper Contributor | 23 Views | 0 likes | 0 Comments

Block Sensitive Data Upload to External SharePoint Online Tenants
We need to block the ability of Users, who are serving the notice period, to upload any Confidential labelled documents to external SharePoint Online Tenants. What is the best way to do this please?
Sochito | Nov 06, 2024 | Brass Contributor | 88 Views | 0 likes | 8 Comments

MCAS Log on Event
Last night I had a Sentinel alert for logon from IP address associated with password spray. Alert was triggered from threat indicator matching IP address. OK no big deal, wasn't a password spray. In tracking this down I see the user is external in MCAS. I find no files shared with the user, no teams message activity, no email to the user.... nothing. My question is, what could the logon event be from?
JeffR_CNY | Oct 25, 2024 | Copper Contributor | 147 Views | 0 likes | 1 Comment

MCAS requirements for Log Collector
Hi all, this is my first question in the Microsoft Community. I have been reviewing the requisites for MCAS log collector and I wanted to understand why the machine hosting the log collector needs at least 250 GB disk, as this appliance sends every 40KB to MCAS and stores up to 20 backup files. Thanks in advance, Benjamin
benjamino-21 | Oct 25, 2024 | Copper Contributor | 161 Views | 0 likes | 1 Comment

Admin Quarantine Location on Defender for Cloud Apps keeps going blank
Hi, I am facing an issue where when I select a file location for admin quarantine on Defender for Cloud Apps, that file path just vanishes away the next day and it comes up as a blank location. I tried changing the SharePoint site multiple times but it still goes blank after a day. Has anybody encountered this lately?
AbhinavK1660 | Oct 04, 2024 | Copper Contributor | 177 Views | 0 likes | 0 Comments

Conditional access policy not recognised
Hello everyone, We're evaluating Cloud Apps session/conditional access/session policies but have hit a weird snag. We have created a conditional access policy in EntraID with session control of Use Conditional Access App Control. This was initially set to Monitor Only (Preview). I then signed in with the test user and logged into the various 365 services, and confirmed these apps were onboarded into the Conditional Access App Control apps page. So far so good. However when I've attempted to create either an Access or Session Policy in the Cloud Apps Policy Management section, there is an error saying that there are no conditional access policies set up. I changed the conditional access policies in Entra ID to "Custom Policy" and waited a few hours, but still getting the error. I have created additional conditional access policies in EntraID from scratch and waited overnight, but it still seems that EntraID and the Cloud Apps parts aren't talking with each other. When I create a policy, I get a warning that there isn't a corresponding CA policy. The Access/Session policy is created, but has [Entra ID Policy Missing] in the title. I'm not sure where I'm going wrong with this. I've followed various guides and checked various forums but aside from the obvious I'm at a loss. Has anyone else come up against this before, or should I raise a ticket with MS to look at the back end? Thanks in advance, Mark
HidMov | Oct 02, 2024 | Steel Contributor | 887 Views | 0 likes | 4 Comments

New Blog | Introducing the new File Integrity Monitoring with Defender for Endpoint integration
By Gal Fenigshtein
As part of the Log Analytics agent deprecation, Defender for Servers has introduced a new simplification strategy aiming at significantly simplifying the onboarding process and requirements needed to protect servers in the cloud, while enhancing existing capabilities and adding new ones. According to this strategy, all Defender for Servers capabilities are provided over Defender for Endpoint or cloud-native capabilities and agentless scanning for VMs, without relying on either Log Analytics Agent (MMA) or Azure Monitor Agent (AMA). This hybrid approach combines the strengths of agent-based and agentless protection, offering multi-layered security for servers. While the agent provides in-depth security and real-time detection and response, agentless and cloud-native capabilities deliver enhanced coverage and full visibility within hours, with no performance impact on machines. Security findings from both agent-based and agentless approaches are seamlessly integrated in Defender for Cloud, tailored to protect servers in multicloud environments. Read the full post here: Introducing the new File Integrity Monitoring with Defender for Endpoint integration
DavidFernandes | Sep 27, 2024 | Microsoft | 378 Views | 0 likes | 0 Comments

block Unsanction app in cloud
Similar queries as previously mentioned from one of the User; I'm just getting started with Microsoft Defender for Cloud Apps but have already worked a bit with it when it was still named Cloud App Security. Right now, I'm looking into the Cloud Discovery features. While trying out the Unsanctioned feature for some apps, I ran into the problem that they only get blocked if the user is using Microsoft Edge. If the user uses Chrome or Firefox, the app doesn't get blocked. I integrated MDCA with Microsoft Defender for Endpoint. What am I missing? Does anyone from Microsoft; kindly jump into and give guidance thanks palash
Palash_Shukla | Sep 24, 2024 | Copper Contributor | 435 Views | 0 likes | 1 Comment
Tags
- Cloud App Security: 524 Topics
- Cloud Discovery: 107 Topics
- Data Protection: 66 Topics
- App Connectors: 55 Topics
- threat protection: 53 Topics
- azure active directory: 12 Topics
- microsoft defender for cloud apps: 12 Topics
- cloud security: 10 Topics
- mcas: 9 Topics
- azure: 8 Topics