Aug 15 2018 08:22 AM
Hi, I have implemented a log collector to send logs from my TMG server to CAS. The log collector is called TMG-02. The logs copied, using FTP, to the log collector which then uploads them to CAS. The first run of this 2 files were uploaded and I could see these where successfully parser by viewing the governance log. After probably 20 minutes the discovery dashboard populated. However, if I change the scope from Global to just view TMG-02 it is blank, which doesn't see right to me. Also, when the same files, which now contain more data are uploaded the Cloud App discovery dashboard doesn't update even though I can see they have been successfully uploaded and parser. Also, if I create a snapshot report from these files I see the information that I expect.
Why am I not seeing any discovery data if I just select the log collector of TMG-02 and more importantly why is the discovery dashboard updating with the information from the updated logs?
Regards,
Stuart
Aug 19 2018 06:05 AM
Hi Stuart,
As indicated in MCAS documentation (https://docs.microsoft.com/en-us/cloud-app-security/set-up-cloud-discovery), you can see that continuous report data is analyzed twice a day, and might take some time to be populated in case of newly created reports. Could you share some details on how long did you wait before checking the data?
Thanks,
Danny.
Aug 19 2018 10:45 AM
SolutionSep 03 2018 06:05 AM
Thanks Danny that was exactly what my problem was.
As a side note, do you know if there is a way of removing a connected app in the portal? I have accidentally connected to the same Okta organization twice and want to remove one of the connections?
Sep 03 2018 06:55 AM
Hi Stuart,
API connector can be disabled by our support team.
Please contact them in ceilsupport@microsoft.com.
Danny.
Sep 04 2018 05:37 AM
Thanks Danny,
I have sent them an e-mail.
Would you mind answering a couple of other questions that I have as I'm currently evaluating CAS with a view to recommending it to our customers?
My questions are:
1. Is there anyway of changing the account used to connect to Office 365, SharePoint and OneDrive as I connected using my account and I would have thought that you'd be better having a dedicated account as my password will change and also I have MFA enabled. Is the account that you are logged in with used ongoing for connecting to these Microsoft applications. I see that other apps you can specify and change the token.
2. I am just looking at Conditional Access App Control and I see that Office 365 applications are not configured with SAML so they are not currently supported. So does this mean that CAS cannot be used to force encryption on downloaded files or to even block downloads on unmanaged devices from OneDrive for Business and SharePoint Online?
Thanks in advance,
Stuart
Sep 04 2018 06:50 AM
Hi Stuart,
The connection to Office 365 is created using app credentials and not the user ones. The user is only needed to verify you actually have the required permissions to initiate the connection, once established the connection is independent.
Regards,
Dima
Sep 04 2018 12:47 PM
Thanks for clearing this up for me. The reason that I asked this is that I have 7 connected apps and 2 of these are OneDrive for Business and SharePoint Online and these keep showing Connection Error (the others are fine). When I look at the error it is the same for both which is:
Sep 05 2018 12:44 AM
Aug 19 2018 10:45 AM
Solution