Inline CASB support (with conditional access controls) for non-Windows 10 clients

%3CLINGO-SUB%20id%3D%22lingo-sub-1669492%22%20slang%3D%22en-US%22%3EInline%20CASB%20support%20(with%20conditional%20access%20controls)%20for%20non-Windows%2010%20clients%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1669492%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20-%20I'm%20hoping%20someone%20who%20has%20used%20MCAS%20with%20Azure%20AD%20Conditional%20Access%20Controls%20to%20accomplish%20inline%20CASB%20capabilities%20can%20help%20us%20understand%20something%20that%20is%20not%20adequately%20covered%20within%20Microsoft's%20online%20documentation%20for%20MCAS.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESpecifically%20-%20we're%20trying%20to%20provide%20inline%2Freal-time%20CASB%20capabilities%20with%20conditional%20access%20controls%20via%20MCAS%20in%20a%20heterogenous%20client%20environment.%26nbsp%3B%20Microsoft's%20documentation%20makes%20it%20very%20clear%20that%20Windows%2010%20with%20Defender%20ATP%20can%20be%20used%20to%20provide%20this%20functionality.%26nbsp%3B%20However%2C%20it%20is%20not%20at%20all%20clear%20whether%20or%20not%20this%20same%20functionality%20can%20be%20provided%20to%20Linux%2C%20Mac%2C%20iOS%2C%20and%20Android%20devices.%26nbsp%3B%20The%20documentation%20we've%20found%20states%20that%20Defender%20ATP%20can%20run%20on%20some%2Fall%20of%20these%2C%20but%20also%20seems%20to%20contain%20footnotes%20stating%20that%20proxy%20capabilities%20are%20not%20available%20in%20Defender%20ATP.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20short%20version%20of%20the%20question%20is%20this%3A%26nbsp%3B%20Is%20it%20possible%20to%20provide%20inline%2Freal-time%20CASB%20functionality%20with%20conditional%20access%20controls%20to%20Linux%2C%20Mac%2C%20iOS%2C%20and%20Android%20clients%20by%20using%20MCAS%20and%20Azure%20AD%20Conditional%20Access%20Controls%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20the%20answer%20is%20%22yes%22%2C%20then%20there%20is%20a%20follow-up%20question%3A%26nbsp%3B%20InTune%20is%20not%20used%20in%20this%20environment.%26nbsp%3B%20Is%20it%20required%20to%20accomplish%20this%20functionality%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1669492%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1687157%22%20slang%3D%22en-US%22%3ERe%3A%20Inline%20CASB%20support%20(with%20conditional%20access%20controls)%20for%20non-Windows%2010%20clients%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1687157%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F794463%22%20target%3D%22_blank%22%3E%40303JH303%3C%2FA%3E%26nbsp%3BFrom%20what%20I've%20seen%2C%20CASB%20feature%20in%20MCAS%20works%20on%20all%20modern%20browsers%2C%20regardless%20of%20the%20OS.%20You%20don't%20need%20Microsoft%20Intune%20for%20session%20and%20access%20control.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

Hi - I'm hoping someone who has used MCAS with Azure AD Conditional Access Controls to accomplish inline CASB capabilities can help us understand something that is not adequately covered within Microsoft's online documentation for MCAS.

 

Specifically - we're trying to provide inline/real-time CASB capabilities with conditional access controls via MCAS in a heterogenous client environment.  Microsoft's documentation makes it very clear that Windows 10 with Defender ATP can be used to provide this functionality.  However, it is not at all clear whether or not this same functionality can be provided to Linux, Mac, iOS, and Android devices.  The documentation we've found states that Defender ATP can run on some/all of these, but also seems to contain footnotes stating that proxy capabilities are not available in Defender ATP.

 

The short version of the question is this:  Is it possible to provide inline/real-time CASB functionality with conditional access controls to Linux, Mac, iOS, and Android clients by using MCAS and Azure AD Conditional Access Controls? 

 

If the answer is "yes", then there is a follow-up question:  InTune is not used in this environment.  Is it required to accomplish this functionality?

1 Reply

@303JH303 From what I've seen, CASB feature in MCAS works on all modern browsers, regardless of the OS. You don't need Microsoft Intune for session and access control.