Microsoft Defender for Cloud Apps | Microsoft Community Hub

Forum Widgets

Latest Discussions

Problem Automatic Log Upload - Defender for Cloud Apps
Hello Community, I have a strange problem with the activity in the Title. I have create Data Sources from Fortinet And a Log collector With the correct documentation that is linked https://learn.microsoft.com/en-us/defender-cloud-apps/discovery-docker-ubuntu-azure?tabs=centos So i have a Fortinet Firewall that send by SYSLOG log to the VM Ubuntu in Azure, i have deploy docker, Ubuntu receive log from firewall, i see traffic is correct. But from Cloud Apps connector remains into "Connected" state. Regards, Guido
Solved
GuidoImpe
Brass Contributor
Sep 05, 2025
126Views
1like
3Comments
Teams cloud app policy template not showing
Below should be available since last year, but i dont see them in my list. Access level change (Teams): Alerts when a team's access level is changed from private to public. External user added (Teams): Alerts when an external user is added to a team. Mass deletion (Teams): Alerts when a user deletes a large number of teams We have the Microsoft 365 E5-security license. Do we need another license for that ?
Solved
MichelA__
Copper Contributor
Nov 01, 2024
206Views
0likes
5Comments
Cloud Discovery Dashboard not updating
We successfully integrated the MDCA with Zscaler on 10th Sep 10 AM. From that Time until 11th Sep 9:08 PM, data was getting updated in the console but after that it is showing Updated on Sep 11, 2024, 9:08 PM. Under Governance log - last parse Cloud discovery log shows success at 11/9/2024, 21:07:51. There is nothing in pending or failed state. Automatic log upload (under settings) shows 362 uploaded logs, last data received 11 Sep 2024, Modified date 13 Sep 2024. Please suggest why Dashboard is not updating.
Solved
Sochito
Brass Contributor
Sep 13, 2024
Cloud Discovery
MDCA
Zscaler
470Views
0likes
2Comments
Cloud Discovery - Insights to CDNs
Taking a look at our Cloud Discovery data we see lots of traffic with CDNs as Akamai. Is it possible to get more insights about what content has been delivered on a user or ip basis?
Solved
PhilFancyAndMe
Iron Contributor
Aug 14, 2024
Cloud Discovery
434Views
0likes
1Comment
Managed devices being detected as unmanaged in Access policy
I have an Access policy that targets devices that are not hybrid AD joined to block the OneDrive client syncing on personal devices. This is tested and working, but i'm finding that 1 of my pilot managed devices is intermittently displaying the cloud apps popup when OneDrive is being accessed. The device in question is a corporate laptop running Windows 11 with a join type of "Microsoft Entra joined". When I look at the logs all OneDrive activities are allowed except for the ones with a description of "open in native app" which are being blocked, these have an activity type of "Download File". Under User Agent Tag it only shows Intune Compliant, although I am not targeting this in the Access policy. I've noticed many computers in Entra ID are showing as non-compliant and didnt initially want to restrict them so did not tick it, should I? Given a fleet of 17,000 devices, I need to understand why we are getting false positives and fix it before I roll out the policy to all of them. Any help is appreciated. Thanks.
Solved
Cameron_Stephens
Copper Contributor
Aug 14, 2024
1.3KViews
0likes
8Comments
Cloud Apps Score Metrics per category
Hi All, I am trying to create a Cloud App discovery policy that applies to only a specific category of apps, and I want to fine tune the "Score metrics" for only one category. Settings --> Cloud Discovery --> Score metrics applies to all apps. I need a way to apply this only to a specific category. From what I can see this is not possible. Does anyone have any idea if there is a way to do this? Regards, Andrew
Solved
AndrewReed
Copper Contributor
Jul 16, 2024
864Views
0likes
4Comments
Enforcing Google Workspace Password Resets via MDCA Configuration
Hi, I'm exploring Microsoft Defender for Cloud Apps (MDCA) as a potential CASB solution. I'm particularly interested in how Data Governance and User Governance work when it integrates with Google Workspace. The article https://learn.microsoft.com/en-us/defender-cloud-apps/protect-google-workspace mentions MDCA's ability to "Require user to reset password to Google". However, I couldn't find a guide on how to configure these settings. I've checked https://learn.microsoft.com/en-us/defender-cloud-apps/governance-actions, but no luck. Has anyone configured "Require user to reset password to Google" in MDCA before? Does this functionality force a Google Workspace user to reset their Google account password? Thank you.
Solved
Paullee800
Copper Contributor
May 22, 2024
365Views
0likes
2Comments
Firebase Auth OIDC login recently broke due to MDCA
Hello, We are a service provider, and one of our customers is using MDCA, and using Entra ID to do SSO into our mobile app. We use Google Firebase Auth (aka Google Cloud Identity Platform) as our identity platform (similar to Auth0) to integrate multiple OIDC providers (Microsoft, Google, Apple). Back in December this authentication flow worked perfectly, but something appears to have changed recently with the behavior of the MDCA proxy. Nothing has changed on our end or the customer's MDCA configuration. Now it appears that, after successful Entra auth, the redirect to our Firebase authentication domain ([redacted].firebaseapp.com) is loaded as [redacted].firebaseapp.com.mcas.ms and the user sees a Firebase Auth error screen. I am guessing that Firebase Auth is somehow incompatible with the MDCA proxy, and cannot handle the unexpected the domain change. Unfortunately, because it is a third-party service, we don't have the ability to fix it. Keith_Fleming I saw your comment on another recent post that "there have been some recent changes to the behavior" related to the MDCA proxy. Could a recent change be the cause of this issue? Could you suggest any paths forward? We were about to launch with this customer, when the issue popped up. Thank you so much for any help.
Solved
keithfable
Brass Contributor
Jan 29, 2024
721Views
0likes
1Comment
Custom IP address ranges in Defender for Cloud Apps
Is there any reason that the IP Address Ranges screen in for settings Cloud Apps won't allow a /29 range? It only allows /8, /16, /24, and /32. What's the rationale?
Solved
SKadish
Brass Contributor
Jan 24, 2024
1.7KViews
0likes
7Comments
Microsoft 365 Business Premium with Cloud App Security
Hi all, I have a quick question about a customer who has a Microsoft 365 Business Premium subscription. They would like to use Activity policies within Microsoft 365 Cloud App Security. The 'Microsoft Defender for Cloud Apps setup guide' in the Microsoft 365 admin center states that the 'Defender for Cloud Apps standalone' license is required to use the Full suite of Defender for Cloud Apps. My question: Does Microsoft 365 Business Premium + Defender for Cloud Apps standalone plan work to use Activity policies (such as 'Mass download by a single user')? Many thanks in advance.
Solved
JoostvdLinden
Brass Contributor
Jan 08, 2024
4.5KViews
0likes
1Comment

Resources

Tags

Cloud App Security524 Topics
Cloud Discovery107 Topics
Data Protection66 Topics
App Connectors55 Topics
threat protection53 Topics
azure active directory12 Topics
microsoft defender for cloud apps12 Topics
cloud security10 Topics
mcas9 Topics
azure8 Topics