Forum Discussion
- BemmelenPatrickIron ContributorHello Hemanth_Abbina,
There currently is a workaround where you are able to configure the MCAS API as the source for collecting the Activity logs into Azure Sentinel.
Please check out this article for more information:
https://techcommunity.microsoft.com/t5/azure-sentinel/microsoft-cloud-app-security-mcas-activity-log-in-azure-sentinel/ba-p/1849806- Hemanth_AbbinaMicrosoft
BemmelenPatrick Thanks.
Agree with this approach, but we have a problem. The MCAS API Token is not persistent and it's associated with the user created it. The Azure subscription we are using, is PIM enabled and all users should be activated their roles using PIM for 4 hours. In such scenarios, the API token we create will be inactive, whenever the PIM session of the user expires. So, it's not suited for scheduled/automated data collection.
- BemmelenPatrickIron ContributorHello Hemanth,
Are you using PIM for access to MCAS or to Azure Sentinel/Logic Apps?
Because the API token is taken from MCAS this will need to be entered for the Logic Apps connection but for Logic Apps you can use managed identities:
https://docs.microsoft.com/nl-nl/azure/logic-apps/create-managed-service-identity
Related Content
- Nov 30, 2023
- Feb 14, 2024
- Jul 23, 2024
- Jun 02, 2021
- Apr 19, 2023