04-22-2020 07:44 AM
04-22-2020 07:44 AM
We integrated MS Defender ATP with CAS and data is showing in Cloud Discovery Dashboard and logs are uploaded fine. But in CAS/Settings/Cloud Discovery there's no entry for "Microsoft Defender ATP" where are can switch on blocking unsanctioned apps. Also, in Settings all System settings, like "Organization details", "Mail settings" are missing. Searching the web didn't give me any clue
04-22-2020 10:32 AM
I enabled integration several months ago, but only recently I wanted to block unsanctioned apps and discovered the options weren’t available anymore. I’m sure it was there before. All users have Office365 E3, ATP, CAS and EMS-licenses. That must be sufficient. Unfortunately I don’t know when the options disappeared.
04-22-2020 10:48 AM - edited 04-22-2020 11:08 AM
Interesting, so the options were available at one point then? Have you had any licence changes in that time? Is your EM+S E3 or E5? If you have EM+S E3 plus the CAS add-on, or EM+S E5, you should be able to leverage all of the features of MCAS.
I'd recommend opening a support ticket with Microsoft and get them to check this out for you.
04-22-2020 11:19 AM
we indeed have EM+S and CAS addons, so it should be sufficient. I already opened a case with Microsoft, but after 4 transfers to other support teams I still didn’t get any serious response. I guess I have to be patient a little more :)
Anyhow, thanks for your responses!
04-23-2020 01:08 AM
One other thought - have you tried logging in with a different Global Admin account? I recently had an issue where some of the options in O365 ATP disappeared for me in the Security and Compliance Center. I logged in with another GA account and they were all there. Not long afterwards, they randomly reappeared in my own GA account.
04-23-2020 01:24 AM
Hi peter, I already tried that, but it didn't work. But in searching for a solution I noticed something: there are two versions of CAS: "Microsoft Cloud App Security" and "Office365 Cloud App Security". We are using the latter:
But based on our licenses we are entitled for MCAS. I now investigating how we can "upgrade" to Microsoft Cloud App Security.
Maybe that will solve the issue.
04-23-2020 01:43 AM
Yes there are indeed two flavours of CAS which are MCAS and OCAS. OCAS comes with O365 E5, and MCAS comes with EM+S E5, and to the best of my knowledge it also comes with the licensing that you have of EM+S E3 with the CAS add-on.
To prove this theory, I recommend you see if you can get an EM+S E5 trial and apply it to your GA account. See if that makes a difference maybe?
04-23-2020 02:01 AM
This confirms it. EM+S E3 plus standalone CAS gets you the full MCAS features and not just the subset that comes with OCAS.
04-23-2020 02:05 AM
Things are getting clearer: We have EMS E3, O365 E3 and Office365 Cloud App Security licenses. So it seems to be correct that we're using OCAS. But still: Microsoft ATP is integrated in our OCAS, so it should be possible to block apps. I will contact our license-supplier to check what to expect with the licenses they sold us:-)
05-04-2020 03:31 AM
@PeterRising According to our license-specialist OCAS-licenses are retired per Februari 1st and all users should upgrade to MCAS as soon as their subscription end:
How are existing Office 365 Cloud App Security customers impacted
On February 1, 2019, the Office 365 Cloud App Security USL standalone SKU was retired, and new customer subscriptions will no longer be available as a standalone. Office 365 CAS will continue to be included with Office 365 E5 and Microsoft Cloud App Security.
Existing customers will see no changes for the remainder of their current enrollment term and may continue to add new Office 365 Cloud App Security standalone USLs.
Customers with enrollments expiring on or before June 30, 2019 will have the option to renew Office 365 Cloud App Security standalone for one more term.
Customers with Office 365 Cloud App Security standalone enrollments expiring after June 30, 2019, will need to move to Microsoft Cloud App Security at renewal to maintain the service
In the meantime nothing should change in an existing environment. Apparently we now have a mixed environment: partly MCAS but with the limitations of OCAS. They couldn't tell me whether this is correct. Our subscription ends on July 1st, so after date we will have MCAS-licenses. I hope everything will then work as expected.