Forum Discussion
Rajeev Krishnan
Microsoft
Nov 30, 2016ODFB Activity log integration with Cloud App Secuirty
We have a customer that is currently in the process of rolling out ODFB. At this point we do have controls available in ODFB that can control access via the sync client, Mobile and Browser. However s...
VasilMichev
Nov 30, 2016MVP
CAS, as well as it's cheaper version ASM can both read the SPO/ODFB activity logs. Both will also allow you to configure custom notifications or even actions such as blocking the user. If you want direct integration with SIEM however, I beleive only CAS would be able to do that.
Another option is to directly use the API and feed the events to your SIEM. Here's a good starting point: https://msdn.microsoft.com/office-365/office-365-management-activity-api-reference
Rajeev Krishnan
Microsoft
Nov 30, 2016Thanks Vasil for the prompt response. The customer is intrested on leveraging Microsoft CAS. The idea in the longer run then is to show more value for other services with CAS and then use this as their main platform.
We did share the SIEM (in their case QRadar) integration with O365 Management API. Hopefully this confirmation allows us to move forward with CAS. Thanks again