SOLVED

CAS vs O365 ASM

%3CLINGO-SUB%20id%3D%22lingo-sub-39659%22%20slang%3D%22en-US%22%3ECAS%20vs%20O365%20ASM%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-39659%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EWhat%20is%20the%20relationship%20between%20CAS%20and%20O365%20Advanced%20Security%20Management%3F%20If%20we%20add%20O365%20to%20CAS%2C%20do%20we%20still%20use%20O365%20ASM%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-39659%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-166638%22%20slang%3D%22en-US%22%3ERe%3A%20CAS%20vs%20O365%20ASM%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-166638%22%20slang%3D%22en-US%22%3E%3CP%3EMCAS%20SIEM%20connector%20supports%20both%20alerts%20and%20activity%20logs%20from%20Office%20365%20as%20well%20as%20other%20SaaS%20apps%20such%20as%20Box.%20Office%20365%20CAS%20SIEM%20connector%20only%20provides%20alerts%20from%20Office%20365.%20Refer%20to%20the%20documentation%20link%20below%20for%20a%20comparison%20of%20both%20products.%20%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Feditions-cloud-app-security-o365%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Feditions-cloud-app-security-o365%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-166481%22%20slang%3D%22en-US%22%3ERe%3A%20CAS%20vs%20O365%20ASM%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-166481%22%20slang%3D%22en-US%22%3EI%20am%20referring%20to%20Activity%20Logs%20and%20Alerts.%20%3CBR%20%2F%3EMCAS%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Fsiem%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Fsiem%3C%2FA%3E%3CBR%20%2F%3EO365CAS%20%3CA%20href%3D%22https%3A%2F%2Fsupport.office.com%2Fen-us%2Farticle%2Fintegrate-your-siem-server-with-office-365-cloud-app-security-dd6d2417-49c4-4de6-9294-67fdabbf8532%3Fui%3Den-US%26amp%3Brs%3Den-US%26amp%3Bad%3DUS%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.office.com%2Fen-us%2Farticle%2Fintegrate-your-siem-server-with-office-365-cloud-app-security-dd6d2417-49c4-4de6-9294-67fdabbf8532%3Fui%3Den-US%26amp%3Brs%3Den-US%26amp%3Bad%3DUS%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EThe%20instructions%20are%20similar%20but%20if%20O365CAS%20is%20a%20subset%20of%20MCAS%20will%20Activity%20Logs%20and%20Alerts%20pulled%20from%20MCSA%20contain%20Activity%20Logs%20and%20Alerts%20from%20O365CAS%20or%20I%20do%20I%20need%20to%20set%20up%20the%20SIEM%20with%20both%3F%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-166435%22%20slang%3D%22en-US%22%3ERe%3A%20CAS%20vs%20O365%20ASM%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-166435%22%20slang%3D%22en-US%22%3EI%20don't%20quite%20understand%20your%20question.%20The%20logs%20come%20from%20your%20firewall%20and%20proxy%2C%20they%20do%20not%20come%20from%20either%20ASM%20or%20CAS.%20By%20the%20way%2C%20ASM%20is%20now%20called%20Office%20365%20Cloud%20App%20Security%20(they%20renamed%20it%20last%20fall)%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-166344%22%20slang%3D%22en-US%22%3ERe%3A%20CAS%20vs%20O365%20ASM%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-166344%22%20slang%3D%22en-US%22%3EIf%20you%20set%20up%20SIEM%20logging%20under%20CAS%20will%20that%20include%20logs%20from%20ASM%20or%20do%20you%20need%20to%20setup%20ASM%20SIEM%20logging%20also%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-58904%22%20slang%3D%22en-US%22%3ERe%3A%20CAS%20vs%20O365%20ASM%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-58904%22%20slang%3D%22en-US%22%3E%3CP%3EASM%20is%20a%20subset%20of%20CAS.%20Cloud%20app%20security%20provides%20you%20more%20broader%20control%20and%20visibility%20and%20ASM%20is%20only%20focused%20on%20one%20thing.%20Thanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-42290%22%20slang%3D%22en-US%22%3ERe%3A%20CAS%20vs%20O365%20ASM%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-42290%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Dean%2C%3C%2FP%3E%0A%3CP%3EASM%20offers%20a%20subset%20of%20features%20of%20MCAS%20focusing%20in%20Office%20365%20related%20apps%20and%20activites.%20Attached%20slides%20highlight%20the%20differences%20between%20the%20two%20versions.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%2C%3C%2FP%3E%0A%3CP%3EShalini%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Respected Contributor

What is the relationship between CAS and O365 Advanced Security Management? If we add O365 to CAS, do we still use O365 ASM?

6 Replies
Highlighted
Best Response confirmed by Daniel Martins (Microsoft)
Solution

Hi Dean,

ASM offers a subset of features of MCAS focusing in Office 365 related apps and activites. Attached slides highlight the differences between the two versions.

 

Thanks,

Shalini

Highlighted

ASM is a subset of CAS. Cloud app security provides you more broader control and visibility and ASM is only focused on one thing. Thanks.

Highlighted
If you set up SIEM logging under CAS will that include logs from ASM or do you need to setup ASM SIEM logging also?
Highlighted
I don't quite understand your question. The logs come from your firewall and proxy, they do not come from either ASM or CAS. By the way, ASM is now called Office 365 Cloud App Security (they renamed it last fall)
Highlighted
I am referring to Activity Logs and Alerts.
MCAS https://docs.microsoft.com/en-us/cloud-app-security/siem
O365CAS https://support.office.com/en-us/article/integrate-your-siem-server-with-office-365-cloud-app-securi...

The instructions are similar but if O365CAS is a subset of MCAS will Activity Logs and Alerts pulled from MCSA contain Activity Logs and Alerts from O365CAS or I do I need to set up the SIEM with both?
Highlighted

MCAS SIEM connector supports both alerts and activity logs from Office 365 as well as other SaaS apps such as Box. Office 365 CAS SIEM connector only provides alerts from Office 365. Refer to the documentation link below for a comparison of both products.
https://docs.microsoft.com/en-us/cloud-app-security/editions-cloud-app-security-o365