Recent Discussions
MCAS Webinar Recordings
Below are the links to the recordings of the MCAS webinar sessions (registration here: https://aka.ms/MCASWebinar). The links are the same ones used to join the webinar, which is why we can post them before the webinars have taken place. NOTE: We are currently experiencing a problem with many of these recordings. The links that do not work have been temporarily removed until the problem is resolved. We are working to resolve the problem as quickly as we can. Thanks for your patience. If you were unable to join us live, but have questions about something covered in the webinar, you can ask them at https://aka.ms/MCASQandA, or, as always, feel free to make a post on this MCAS Tech Community group with your question. To ensure you hear about future MCAS webinars and other developments, make sure you've joined our community by going to https://aka.ms/SecurityCommunity. We hope you'll join us!
9.3K Views 15 likes 6 Comments
CAS Playbook Now Available
We’re excited to release the CAS playbook: http://aka.ms/mcaspoc It will guide you through the process of setting up CAS, both in a proof of concept environment, and in production. It will help you configure it throughout your deployment, using simple step-by-step instructions. Enjoy!
2.4K Views 6 likes 1 Comment
MCAS Deployment Webinar Series
Want to learn how to deploy Microsoft Cloud App Security (MCAS)? Our webinar series will walk you through it: https://aka.ms/MCASWebinar The series will be hosted by our engineering team on Tuesdays (3:00 pm ET / 12:00 PM PT) and Thursdays (10:00 AM GMT) between March 12th and April 18th. The topics covered in this series are:
1) Use Microsoft Cloud App Security to protect your sensitive information anywhere in the cloud.
2) Leverage state of the art threat detection capabilities to quickly detect and remediate threats across your cloud apps.
3) Monitor and control user actions across your cloud apps in real-time using Conditional Access App Control.
4) Discover the use of Shadow IT in your organization, evaluate the risks and start managing them.
5) Stay protected across all your apps, by connecting 3rd party applications.
6) Simplify your SecOps' life by automating security workflows with Cloud App Security and Microsoft Flow.
We hope you'll join us!
1.8K Views 4 likes 2 Comments
RSS for Release Notes
Would it be possible to update the What's New content on docs.microsoft.com with an RSS feed, as the Intune team have recently added? This would be really helpful. https://docs.microsoft.com/en-us/intune/whats-new
1.7K Views 4 likes 0 Comments
Let's automate! Check out our latest blog post on the new integration of MCAS and MS Flow
MCAS now integrates with MS Flow to provide centralized alert automation and orchestration of custom workflows for 1st party and more than 100 3rd party connectors! Read the full blog post for use cases and all the details!
1.9K Views 4 likes 0 Comments
Azure Security Center Webinar: Secure Score
Want to learn about Secure Score in Azure Security Center? Join our webinar. Details and registration at https://aka.ms/ASCSSWebinar. Azure Secure Score is a simple but elegant tool that will help you improve your infrastructure security by identifying and ranking the highest impact configuration changes you can make. We have recently introduced tools such as "virtual analyst" which enable you to increase your Secure Score in an automated fashion. More details can be found at https://docs.microsoft.com/en-us/azure/security-center/security-center-secure-score. We are hosting two identical sessions at the following times: Tuesday, September 10, 2019 at 08:00 PT / 11:00 ET / 15:00 GMT, and Wednesday, September 11, 2019 at 09:00 GMT / 11:00 CEST / 17:00 HKT. Afterward, recordings will be posted to https://aka.ms/ASCRecordings. We hope you’ll join us!
1.4K Views 3 likes 0 Comments
Web content filtering in Defender not working outside of Edge
Trying to evaluate Cloud App and blocking Access to Email & Personal Storage. While the likes of mail.yahoo and gmail are being blocked within Edge, I'm able to bypass it with Chrome. I've Network Protection set to Enable (block Mode) within Intune. Am I missing some step that Chrome / Firefox needs?
2K Views 3 likes 4 Comments
MCAS Webinar Q&A
Many people have registered for our webinar (https://aka.ms/MCASWebinar). We're thrilled to see such interest, but it also means we'll likely get a large volume of questions on the call, and it may not be possible to respond to every one in real time. We will do our best to get your question answered directly on the call, and we'll have several dedicated team members just to respond to the questions; however, I wanted to provide an additional mechanism for any questions we're unable to get to. This post will be used for any questions that didn't get addressed on the call. We'll be reviewing the transcript of questions after the call and we'll post answers here. This may take a day or two, so please check back soon. If you were unable to attend the call, note that you can find the recordings here: https://aka.ms/MCASRecordings. Feel free to reply to this post with any questions you have.
6.5K Views 3 likes 31 Comments
Defender for Cloud - Workload Protection features per Workload ?
I've been thinking about all the current Protection Use cases of Defender for Cloud (Mar/22). There is support for many cloud-native workloads so a bird's eye view of what can be achieved on each is quite welcome I believe. So I've scoured the public official docs and made a chart of some of the capabilities per workload. I don't know if there's a better, public and official document on this? This is what I found out in my own research: The list of Workloads was retrieved from https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction. For each Workload’s Protection Use cases, the official public docs file was referenced. There are nuances for supported controls per platform so be sure to check the sources for all details. Information updated on Mar 2022. All Information contained in here must always be checked against the latest documentation. For a Complete list of all alerts generated by Defender for Cloud, per workload with reference of MITRE ATT&CK’s tactics, check out https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-reference#alerts-azureappserv. 
Source: https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-servers-introduction
Source: https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction?tabs=defender-for-container-arch-aks
Source: https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-app-service-introduction
Source: https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-storage-introduction
Source: https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-reference#alerts-azurekv
Source: https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-reference#alerts-resourcemanager
Source: https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-dns-introduction
Source Azure SQL: https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-enable-database-protections
Source SQL Servers on Machines: https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-enable-database-protections
Source: https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-databases-introduction
Source: https://docs.microsoft.com/en-us/azure/defender-for-cloud/concept-defender-for-cosmos
4.8K Views 3 likes 1 Comment
Call for input : Automatic remediation and Custom policies
Hi!
- Do you want to automatically remediate a security center recommendation? Auto remediation allows you to simply remediate unhealthy resources automatically
- Do you want to surface your own custom Azure policy in Security Center? Adding a custom policy you created in Azure policy and surface it in Azure Security center portal.
If you are interested in these features, we are in the design phase and would very much appreciate your input! If you are willing to have a call to share your thoughts and requirements on these topics please contact me mailto:miril@micorsoft.com or reply to this message. Thanks in advance for your cooperation! Miri Landau
907 Views 3 likes 0 Comments
MCAS [Activity Policy] Log on from an outdated browser - current Teams client triggers alert
TLDR: Microsoft Teams client triggers 'Log on from an outdated browser' alert policy.
After enabling the MCAS - Activity Policy - 'Log on from an outdated browser' our current up-to-date desktop Teams client triggers the alert. I spent quite some time with the user discussing their configuration and thankfully a colleague correlated the 'Sign-in Logs' from the AAD blade and we could see the below 'User Agent's from the same workstation:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.4.00.22472 Chrome/85.0.4183.121 Electron/10.4.3 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
The latest production release of Teams is 'Teams/1.4.00.22472' and it is evidently running Chrome/85.0.4183.121 (Chromium) in the back end which is flagged in the 'User agent tags' of the alert as 'Outdated browser'. The default template should exempt this use case. Knowing the above I've attempted to add an additional filter 'User Agent String' and 'does not contain' 'Teams' - this has no effect on the results, leaving me with the suspicion that the full user agent string as above is not passed through. If this is the case then why is it an available filter? It would be great to see this addressed or advice on what I've missed to get this working. Thanks
4.8K Views 3 likes 2 Comments
Allow only Outlook desktop app to exchange online
Hi all, We are looking for ways to get more control for accessing Exchange online from a BYOD device. No user can connect from Windows and MacOS with any type of client. Is it possible with MCAS to block all other mail desktop clients and only allow Outlook desktop? Can this be done with MCAS? Or do I need another Microsoft 365 solution? Thanks for the help and information. Kind regards, Finn
3.1K Views 3 likes 1 Comment
Identify Files Uploaded
Hi, we have an E5 license and hence the O365 version of cloud security. It's alerted me that a user has uploaded a lot of content to AWS over the weekend, but it doesn't tell me which files were uploaded. Does anyone know where I might find this info?
1.1K Views 3 likes 1 Comment
MCAS API Connector - Connect GCP - Error: Failed to create sink via Stackdriver Logging API
Hi Everyone, I followed the Microsoft official procedure (Link: https://docs.microsoft.com/en-us/cloud-app-security/connect-google-gcp-to-microsoft-cloud-app-security) to connect GCP to MCAS through the API Connector. Unfortunately, when I go to connect GCP, MCAS reports the following error: Error: Failed to create sink via Stackdriver Logging API. Any suggestion? Is there a way to solve this issue? Thanks in advance. Regards, Vittorio (Security Team Lead)
2.3K Views 3 likes 3 Comments
Protect multiple cloud app instances using Microsoft Cloud App Security
Several organizations use multiple instances of the same cloud applications for different business reasons. As a security professional, you need to have visibility into each of these instances and have the option to control each one. We’re happy to announce that Microsoft Cloud App Security can now support and control multiple instances of the cloud apps. Let’s start with a common scenario: the marketing team and the sales team in an organization use the same CRM cloud application, but with two different instances. Read about it in the Enterprise Mobility + Security blog.
2K Views 3 likes 2 Comments
MacOS / MDATP - MCAS Integration
Currently the MDATP powered cloud discovery, application blocking and other capabilities are restricted to Windows 10 devices. Does the development roadmap for MDATP and MCAS have the same capabilities in development for Mac? Can we expect feature parity in areas like this as the Mac MDATP platform matures?
Solved
15K Views 3 likes 22 Comments
Welcome to the Azure Security Center community forum
Welcome to the Azure Security Center community forum! Join us to share questions, thoughts, and ideas about Azure Security Center and receive answers from the diverse Security Center community. Our community is here to assist you with any questions or challenges you may have. This forum is part of the Security Center community platforms, including the GitHub repository for sharing code, and a blog for keeping up-to-date with news and how-to-guides. Get involved in any of the following community platforms:
- Azure Security Center GitHub repository
- Azure Security Center Blog
- Features Suggestions
To learn more about Azure Security Center, see the:
- Product description and introduction
- Security Center documentation
Feel free to post any questions, comments, or requests here. Best regards, Azure Security Center team
2.3K Views 2 likes 0 Comments
Events
Recent Blogs
- Shadow IT has always been a bit of a ghost story in cybersecurity. You know it’s there, lurking in the background, but it rarely shows itself until something goes wrong. For years, people thought it ...
  Sep 23, 2025, 174 Views 0 likes 0 Comments
- Today, Defender for Storage released, in public preview for Commercial Cloud, the feature Automated Remediation for Malware Detection. This is for both On-upload and On-demand malware scanning. The f...
  Sep 17, 2025, 525 Views 3 likes 0 Comments