Hi @jensandersson,

AFAIK, there are no plans for multi-tenant support for Office 365 and Azure App connectors.

Would recommend raising this on the Cloud App Security Uservoice

https://microsoftsecurity.uservoice.com/forums/905161-cloud-app-security

I think it would be a good idea to potentially look at a version which could support multiple tenants - it would be good for Managed Service Providers, Groups, Franchises, etc.

At present, the local SIEM would be the only option to take the logs from the different tenants.

Hope that answers your question.

Best, Chris

Hi @jensandersson,

As Christopher mentioned there are currently no plans for multi-instance support for 1st party apps.

To support multiple Office/ Azure instances you would need multiple MCAS tenants.

 

From there you have the option of of either using SIEM to centralize everything or by assigning admins from a single tenant with permissions to all others and then sue the tenant switcher to move through them. More info on this can be found here: https://docs.microsoft.com/en-us/cloud-app-security/manage-admins#invite-external-admins

 

Regards,

Dima.

@jensandersson While Microsoft hasn't publicly shared plans for multi-instance support in Office 365 and Azure app connectors, it's crucial for organizations with multiple tenants.

 

Gathering security logs into a central Microsoft Cloud App Security deployment is practically necessary for managing diverse tenants. Though Azure AD Premium offers cross-tenant reporting, it doesn't replace the desired MCAS connector support. MCAS scripts aid in copying data between tenants, but scalability may be an issue in larger environments.

 

While routing logs to an on-premises SIEM is a valid workaround, it's not ideal. Provide feedback to Microsoft for future MCAS updates addressing cross-tenant support. As demand grows, specific customer use cases can illustrate the need for this functionality. The hope is Microsoft will incorporate it, serving a broader user base.