Forum Discussion

dario_r's avatar
dario_r
Copper Contributor
Apr 10, 2019

MCAS pre and post authentication

Hi guys, I've got a couple of questions related to the authentication flow and when MCAS takes actions: 1. As far as I understand, all the proxy sessions get applied AFTER the user authentication...
Cloud App Security
Niv Goldenberg's avatar
Niv Goldenberg
Former Employee
Apr 11, 2019

Hi Dario,

 

1. Correct. MCAS apply the session controls after authentication and initial risk assessment of the session.

2. Is there a specific pre-authentication scenario you have in mind?
In general, as a CASB, MCAS focus on the user activity within the apps, hence, after the authentication.

 

Thanks,

Niv

  • Niv Goldenberg's avatar
    Niv Goldenberg
    Former Employee
    Apr 15, 2019

    The pre-authentication controls you can use are the control provided by AAD. 

    • dario_r's avatar
      dario_r
      Copper Contributor
      Apr 15, 2019

      Niv GoldenbergThanks. Azure AD does not provide pre-auth access afaik, the conditional access gets applied after the authentication.

      If i'm wrong please tell me which controls can do AAD pre-auth.

       

      Many thanks!

      Dario

      • Niv Goldenberg's avatar
        Niv Goldenberg
        Former Employee
        Apr 15, 2019

        The controls are applied during the authentication.