Additional insight on Gmail use in MCAS

%3CLINGO-SUB%20id%3D%22lingo-sub-1251252%22%20slang%3D%22en-US%22%3EAdditional%20insight%20on%20Gmail%20use%20in%20MCAS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1251252%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20use%20Exchange%20Online%20for%20business%20e-mail%2C%20but%20are%20seeing%20high%20volumes%20of%20users%20and%20traffic%20to%20Gmail%20on%20MCAS.%20What%20options%20do%20we%20have%20to%20get%20more%20insights%20for%20Gmail%20use%20in%20MCAS%3F%3C%2FP%3E%3CP%3E-%26nbsp%3B%3CSPAN%3EWe%20do%20not%20use%20Google%20Docs%20and%20have%20not%20federated%20with%20Google%2FGmail%20so%20a%20Google%20Docs%20connector%20is%20not%20possible%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E-%20As%20we%20are%20not%20federated%20Conditional%20Access%20App%20Controls%20seems%20to%20be%20out%20of%20the%20question%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EAre%20we%20are%20limited%20to%20Microsoft%20Defender%20ATP%20where%20we%20can%20check%20for%20AIP%20labelled%20data%2C%20or%20alternatively%20Windows%20Information%20Protection%3F%20Any%20other%20MCAS%20native%20insights%20to%20Gmail%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1251252%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20Discovery%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1264130%22%20slang%3D%22en-US%22%3ERe%3A%20Additional%20insight%20on%20Gmail%20use%20in%20MCAS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1264130%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F323159%22%20target%3D%22_blank%22%3E%40PHancke%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EMCAS%20is%20bound%20to%20the%20information%20provided%20by%20MDATP%20or%20any%20other%20network%20appliance%20(SWG%2C%20Firewall%20and%20etc.).%3C%2FP%3E%0A%3CP%3EYou%20are%20able%20to%20monitor%20the%20app's%20usage%20patterns%20such%20as%20the%20number%20of%20users%20using%20the%20apps%2C%20the%20amount%20of%20data%20being%20uploaded%20and%20downloaded%20and%20etc.%3C%2FP%3E%0A%3CP%3EBy%20using%20the%20Sanctioned%2FUns-anctioned%20tag%2C%20you%20are%20then%20able%20to%20set%20automated%20policy-based%20alerts%20to%20be%20notified%20when%20a%20certain%20app's%20(in%20this%20case%20Gmail)%20usage%20patterns%20violate%20company%20regulations.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20are%20planning%20to%20provide%20visibility%20into%20file%20hashes%20that%20are%20being%20uploaded%20to%20any%20of%20the%20monitored%20apps%20and%20protect%20sensitive%20data%20upload%20to%20Risky%2FUn-sanctioned%20apps.%20No%20ETA%20yet.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EMore%20information%20can%20be%20found%20here%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Ftutorial-shadow-it%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Ftutorial-shadow-it%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Ftutorial-flow%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Ftutorial-flow%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20suggest%20taking%20the%20AIP%2FMDATP%20question%20in%20MDATP%20forums.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBest%2C%3C%2FP%3E%0A%3CP%3EBoris%20K%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

We use Exchange Online for business e-mail, but are seeing high volumes of users and traffic to Gmail on MCAS. What options do we have to get more insights for Gmail use in MCAS?

We do not use Google Docs and have not federated with Google/Gmail so a Google Docs connector is not possible

- As we are not federated Conditional Access App Controls seems to be out of the question

 

Are we are limited to Microsoft Defender ATP where we can check for AIP labelled data, or alternatively Windows Information Protection? Any other MCAS native insights to Gmail?

 

1 Reply
Highlighted

Hi @PHancke 

 

MCAS is bound to the information provided by MDATP or any other network appliance (SWG, Firewall and etc.).

You are able to monitor the app's usage patterns such as the number of users using the apps, the amount of data being uploaded and downloaded and etc.

By using the Sanctioned/Uns-anctioned tag, you are then able to set automated policy-based alerts to be notified when a certain app's (in this case Gmail) usage patterns violate company regulations. 

 

We are planning to provide visibility into file hashes that are being uploaded to any of the monitored apps and protect sensitive data upload to Risky/Un-sanctioned apps. No ETA yet.

 

More information can be found here:

https://docs.microsoft.com/en-us/cloud-app-security/tutorial-shadow-it

https://docs.microsoft.com/en-us/cloud-app-security/tutorial-flow

 

I suggest taking the AIP/MDATP question in MDATP forums. 

 

Best,

Boris K