Forum Widgets
Latest Discussions
Problem Automatic Log Upload - Defender for Cloud Apps
Hello Community, I have a strange problem with the activity in the Title. I have create Data Sources from Fortinet And a Log collector With the correct documentation that is linked https://learn.microsoft.com/en-us/defender-cloud-apps/discovery-docker-ubuntu-azure?tabs=centos So i have a Fortinet Firewall that send by SYSLOG log to the VM Ubuntu in Azure, i have deploy docker, Ubuntu receive log from firewall, i see traffic is correct. But from Cloud Apps connector remains into "Connected" state. Regards, Guido
Restricting access to non SSO apps
I have multiple non SSO apps that my users need to access. I am looking to permit access but limit what actions users can take when visiting these apps/sites such as: blocking file uploads, blocking data download, restricting logins, etc to limit shadow IT. Is there a way to do this within MDCA? Session control policies, activity policies and access policies require the apps be onboarded or SSO configured which is not feasible for the numerous apps in scope. If not MDCA, what other services have you used to accomplish this?
Scope Profile - Device Group Creation - Help please
Hi Everyone, Hope all is well. I'm trying to make particular user group be excluded from a unsanctioned app. I saw you can create scoped profile which available under Setting - Apps - Scoped Profile. I'm following Microsoft documents here. https://docs.microsoft.com/en-us/defender-cloud-apps/governance-discovery On step 5 and step 6 it talks about selecting device group? how I create device group? I have bunch of azure ad device groups but nothing is coming up when search it which leads me to believe you need to import it. I tried importing through user groups but that does not seems to work. Please let me know if you know how to do this or another way to get this task completed. I'm trying to create Scope profile which is available
Session controlled Microsoft apps very slow response
Hello For the past 2 months we have been receiving complaints regarding D365 slowness off and on. D365 was included in my session controlled policy. I disabled the policy and the complaints have stopped. Is there part of the policy setup that was missed. I really need the benefits of MCAS without impacting the business. ThanksGeneral Risk Factor - Logon URL - Null
I'm trying to create a policy that maps "Logon URL" field in the app details and if its empty/blank, it approves/sanction the application. My only challenge is that I'm not able to set an identifier that reads blank field. I tried ASCII null character but it doesn't work. Wondering if this use case is even possible.
Native DLP Failed on Mar 4, 2020, 3:29:13 PM. Error details: Download error
Hi i am facing issue with applying Sensitivity label on SharePoint files using MCAS, first i am able to apply the label but after that MCAS unable to scan the file, also creating rule to remove the label failed with native DLP failed error. i have a support request opened for more than a month and there is no solution. regardsPlaybooks with MDCA
I am attempting to integrate MDCA alerts with freshdesk as per the e.g. https://learn.microsoft.com/en-us/defender-cloud-apps/flow-integration I have E5 without teams licenses. I created the flow, Once from playbooks in MDCA portal and once in power automate directly and went to create a policy to test it out but the option "Sent to power automate" from the policy is always greyed out. Alerts are not automatically detected in the flow unless the action in the policy is set to send to power automate which again is greyed as option in the policies. Also playbooks tab in the MDCA portal does not show the flows I created before, It shows empty, Seems link is broken between MDCA and PowerAutomate. Any reason for this, Any Idea about this? Thanks in advance.
Unsanctioned to all, exclude to some
Dear reader, I have configured the asset rules en device tagging. I need to deploy certain apps as unsanctioned to all W11 devices and exclude the same apps to certain devices who have a device tag I configured for exclusion. The problem i am having is that the devices that need to be excluded, with the device tag "Exclude" Are also part of the device tag "W11" I could exclude them from the W11 device tagging but that would mean they would be excluded from all other policies that are targeted to the W11 tag. Which is not desirable. I was hoping for a solution as how you would deploy in Intune, with includes and exludes groups, but it doenst look like the defender platform supports this. I have been testing with exclude entities but this does not give the result i am looking for. Can someone help me? Maybe you had the same issue and found something smart way around this? 🙂 Thank you in advance!Using MCAS to block file upload to SharePoint Online based on (external) file property?
Hi, With MCAS (by file policy or by Conditional Access App Control), would it be possible to act on single file if specific file property matches search criteria? E.g. if any value in multivalued property "Tags" in Office file matches "testtag01" or if any value in multivalued property "Keywords" in PDF file matches "testtag01". I've tried with O365 DLP, but with traditional Office 365 DLP issue is that those properties are not indexed in SharePoint search index by default and therefore DLP wont detect those.
