Protect multiple cloud app instances using Microsoft Cloud App Security

%3CLINGO-SUB%20id%3D%22lingo-sub-165953%22%20slang%3D%22en-US%22%3EProtect%20multiple%20cloud%20app%20instances%20using%20Microsoft%20Cloud%20App%20Security%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-165953%22%20slang%3D%22en-US%22%3E%3CP%3ESeveral%20organizations%20use%20multi%20instances%20of%20the%20same%20cloud%20applications%20for%20different%20business%20reasons.%20As%20a%20security%20professional%2C%20you%20need%20to%20have%20visibility%20into%20each%20of%20these%20instances%20and%20have%20the%20option%20to%20control%20each%20one.%20We%E2%80%99re%20happy%20to%20announce%20that%20Microsoft%20Cloud%20App%20Security%20can%20now%20support%20and%20control%20multiple%20instances%20of%20the%20cloud%20apps.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22%22%3ELet%E2%80%99s%20start%20with%20a%20common%20scenario%3A%20the%20marketing%20team%20and%20the%20sales%20team%20in%20an%20organization%20use%20the%20same%20CRM%20cloud%20application%2C%20but%20with%20two%20different%20instances.%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20class%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22%22%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Create-filters-for-the-policy-1024x974.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F29276i96AAC45766DE60F0%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Create-filters-for-the-policy-1024x974.png%22%20alt%3D%22Create-filters-for-the-policy-1024x974.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20class%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22%22%3E%3CSPAN%3ERead%20about%20it%20in%20the%20%3CA%20href%3D%22https%3A%2F%2Fcloudblogs.microsoft.com%2Fenterprisemobility%2F2018%2F02%2F26%2Fprotect-multiple-cloud-app-instances-using-microsoft-cloud-app-security%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EEnterprise%20Mobility%20%2B%20Security%20blog%3C%2FA%3E.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-165953%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2113066%22%20slang%3D%22en-US%22%3ERe%3A%20Protect%20multiple%20cloud%20app%20instances%20using%20Microsoft%20Cloud%20App%20Security%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2113066%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F172883%22%20target%3D%22_blank%22%3E%40Christopher%20Brumm%3C%2FA%3E%26nbsp%3BHello!%20Sorry%20for%20any%20misconceptions%20here.%20I%20was%20sharing%20a%20pointer%20post%20to%20a%20blog%20written%20by%20someone%20else.%20I%20am%20a%20community%20manager%20here%20and%20not%20a%20product%20expert%2C%20so%20won't%20be%20able%20to%20answer%20your%20question.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20would%20recommend%20you%20post%20your%20question%20as%20a%20new%20question%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-cloud-app-security%2Fbd-p%2FMicrosoftCloudAppSecurity%22%20target%3D%22_self%22%3Ehere%3C%2FA%3E%20for%20best%20visibility%20to%20our%20community%20of%20experts!%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2113059%22%20slang%3D%22en-US%22%3ERe%3A%20Protect%20multiple%20cloud%20app%20instances%20using%20Microsoft%20Cloud%20App%20Security%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2113059%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F41707%22%20target%3D%22_blank%22%3E%40Eric%20Starker%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20know%20this%20is%20a%20quite%20old%20blog%20post%20but%20maybe%20you%20can%20help%20me.%3C%2FP%3E%3CP%3EIn%20my%20environments%20are%202%20Salesforce%20instances%20connected%3A%3C%2FP%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22instances.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F252009iAD1AFD67028255DC%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22instances.png%22%20alt%3D%22instances.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%E2%80%83%3C%2FP%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%3CP%3ENow%20I'm%20trying%20to%20scope%20different%20policies%20to%20my%20DEV%20instance%20and%20I%20have%20discovered%20the%20following%3A%3C%2FP%3E%3CP%3E-%20All%20activities%20collected%20by%20the%20API%20are%20detected%20correct%3A%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22activity-instance.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F252011i71BD87CD88196333%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22activity-instance.png%22%20alt%3D%22activity-instance.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E-%20activities%20from%20the%20reverseproxy%20are%20detected%20wrong%3A%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22session-instance.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F252012iC4D566524FF6C02D%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22session-instance.png%22%20alt%3D%22session-instance.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESeems%20like%20this%20is%20because%20I%20have%202%20connected%20app%20connectors%20and%20only%201%20CAAC%20app.%3C%2FP%3E%3CP%3EI%20have%20tried%20to%20add%20a%20second%20Salesforce%20App%20in%20CAAC%20with%20my%20dedicated%20SF-domain%20for%20the%20instance%20but%20it%20is%20not%20possible.%20Editing%20or%20deleting%20the%20instance%20is%20not%20possible%20too.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20have%20any%20guidance%20for%20this%3F%20How%20can%20I%20scope%20session%20policies%20to%20my%20DEV%20environment%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance%3C%2FP%3E%3CP%3EChris%3C%2FP%3E%3C%2FLINGO-BODY%3E
Community Manager

Several organizations use multi instances of the same cloud applications for different business reasons. As a security professional, you need to have visibility into each of these instances and have the option to control each one. We’re happy to announce that Microsoft Cloud App Security can now support and control multiple instances of the cloud apps.

 

Let’s start with a common scenario: the marketing team and the sales team in an organization use the same CRM cloud application, but with two different instances. 

 

Create-filters-for-the-policy-1024x974.png

 

Read about it in the Enterprise Mobility + Security blog.

2 Replies

Hi @Eric Starker 

I know this is a quite old blog post but maybe you can help me.

In my environments are 2 Salesforce instances connected:

 
 

instances.png

 

Now I'm trying to scope different policies to my DEV instance and I have discovered the following:

- All activities collected by the API are detected correct:

activity-instance.png

- activities from the reverseproxy are detected wrong:

session-instance.png

 

Seems like this is because I have 2 connected app connectors and only 1 CAAC app.

I have tried to add a second Salesforce App in CAAC with my dedicated SF-domain for the instance but it is not possible. Editing or deleting the instance is not possible too.

 

Do you have any guidance for this? How can I scope session policies to my DEV environment?

 

Thanks in advance

Chris

@Christopher Brumm Hello! Sorry for any misconceptions here. I was sharing a pointer post to a blog written by someone else. I am a community manager here and not a product expert, so won't be able to answer your question.

 

I would recommend you post your question as a new question here for best visibility to our community of experts!