cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MCAS Webinar Q&A

Ryan Heffernan
Microsoft

‎Mar 12 2019 09:25 AM - edited ‎Mar 12 2019 10:07 AM

‎Mar 12 2019 09:25 AM - edited ‎Mar 12 2019 10:07 AM

MCAS Webinar Q&A

Many people have registered for our webinar (https://aka.ms/MCASWebinar). We're thrilled to see such interest, but it also means we'll likely get a large volume of questions on the call, and it may not be possible to respond to every one in real time.

 

We will do our best to get your question answered directly on the call, and we'll have several dedicated team members just to respond to the questions; however, I wanted to provide an additional mechanism for any questions we're unable to get to. 

 

This post will be used for any questions that didn't get addressed on the call. We'll be reviewing the transcript of questions after the call and we'll post answers here. This may take a day or two, so please check back soon. 

 

If you were unable to attend the call, note that you can find the recordings here: https://aka.ms/MCASRecordings. Feel free to reply to this post with any questions you have. 

Labels:
5,025 Views
3 Likes
31 Replies
Reply
31 Replies
Ananda Prasad Bandaru

‎Mar 28 2019 02:15 PM

‎Mar 28 2019 02:15 PM

Re: MCAS Webinar Q&A

@Ryan Heffernan 

In our testing MCAS would fail if the document contains more than 1 million characters (an excel with 2 MB site but with multiple sheets  which have 80+ columns). Label is not applied stating Error in policy match. Would this be handled?

 

Also, from AIP webinars, I picked up that AIP scanner considers only TEXT bytes & not IMAGE bytes while scanning the content, is this the case in MCAS as well?

0 Likes
Reply
Ananda Prasad Bandaru

‎Mar 28 2019 02:17 PM

‎Mar 28 2019 02:17 PM

Re: MCAS Webinar Q&A

@Ryan Heffernan 

When MCAS applies a label using AIP SDK in the back end, it just updates a OLE property sheet of the document. Is there a way to update a SP column as well?

 

We want this for 

1. Visual reference when user navigates to a SP library

2. For SP Search module tweak where we say NOT TO SCAN files with certain confidentiality (I know that permissions trimming should be used but things happen where entire SPSite is not secured)

0 Likes
Reply
Ananda Prasad Bandaru

‎Mar 28 2019 02:21 PM

‎Mar 28 2019 02:21 PM

Re: MCAS Webinar Q&A

@Ryan Heffernan 

Heard that "MCAS WILL have an ability to apply PROTECTION when only shared externally."

 

How is this possible, any documentation on this?

0 Likes
Reply
Ananda Prasad Bandaru

‎Mar 28 2019 02:30 PM

‎Mar 28 2019 02:30 PM

Re: MCAS Webinar Q&A

@Ryan Heffernan 

Is there a way for me to say that "Yes, out MCAS tenant has the MIP SDK in the back end for applying labels"

Like the MCAS version number that I see in the portal?

 

Came to know that MIP SDK would allow MCAS activities to be pushed to AIP Analytics screen (Azure Logs DB)

0 Likes
Reply
Ananda Prasad Bandaru

‎Mar 28 2019 02:33 PM

‎Mar 28 2019 02:33 PM

Re: MCAS Webinar Q&A

@Ryan Heffernan 

Saw the below:

https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Azure-Information-Protection-hel...

 

Are these sensitivity types available in MCAS (rules from SCC) as well?

0 Likes
Reply
Dean Gross

‎Mar 30 2019 02:22 PM

‎Mar 30 2019 02:22 PM

Re: MCAS Webinar Q&A

@Ryan Heffernanthese webinars are FANTASTIC. The demos are very good and the Q&A is very helpful.Thanks to the team for spending the time with us. They are setting a high bar for the other groups at MS to live up to.

0 Likes
Reply
MariaYacaman

‎Apr 02 2019 12:32 PM

‎Apr 02 2019 12:32 PM

Re: MCAS Webinar Q&A

@Ryan Heffernan What is the field that the user enrichment with Azure AD joins with?

I only ask because when I use this feature I do not get any results in my reports from Azure AD groups.

 

Please let me know.

Thank you.

Maria Y.

0 Likes
Reply
kevmca

‎Apr 02 2019 12:36 PM

‎Apr 02 2019 12:36 PM

Re: MCAS Webinar Q&A

@Ryan Heffernan For user enrichment to work does there need to be a exact match between the UPN from AAD and the ID used in discovery? In discovery we have ID = domain/kevmca and AAD ID = kevmca@domain.com. User enrichment does not seem to work in this case. Should it?

0 Likes
Reply
joshpuse

‎Apr 12 2019 07:25 AM

‎Apr 12 2019 07:25 AM

Re: MCAS Webinar Q&A

@Ryan Heffernan @Yoann_David_Mallet When talking about App Connectors and CA App Control, can you be alerted to anomalous activity through the CA App control or do you have to setup both an API connector and CA App control for an app? This is if you want to be alerted and also use the App Control functionality of real time control, will setting up just the App control be enough, or need to put the app in both "connected app" tabs?

0 Likes
Reply
Yoann_David_Mallet

‎Apr 12 2019 08:17 AM

‎Apr 12 2019 08:17 AM

Re: MCAS Webinar Q&A

Hi @joshpuse 

When using MCAS for threat detection, best is to use the API connector, when one is avaialble. You will have some level of detection using Conditional Access App Control only, but it is not to the level of what you get using the API connector.

 

Therefore, if there is a connector available, I suggest you leverage it (note that anything you do by default when you connect a new app will be read only: MCAS will not perform any user impacting task without an action from the admin).

 

hope this helps!

yoann  

1 Like
Reply
Anandpb

‎Apr 29 2019 08:53 AM

‎Apr 29 2019 08:53 AM

Re: MCAS Webinar Q&A

@Ryan Heffernan 

As per our testing against a SPO library with minor versioned documents, MCAS when it labels, creates a new minor versions and not major version (which is good as the draft wont get published).

Can you kindly confirm if this is the intended behavior?

0 Likes
Reply
Yoann_David_Mallet

‎Apr 30 2019 07:23 AM

‎Apr 30 2019 07:23 AM

Re: MCAS Webinar Q&A

@Anandpb 

Yes, this is indeed the intended behavior as we modify the file content in order to apply the label.

 

0 Likes
Reply