Forum Discussion

mrognlie's avatar
mrognlie
Copper Contributor
Feb 20, 2019

Best practice for creating groups to be used in CAS

I am new to CAS, and am in a department of a larger higher ed institution.  Central IT has no experience in the Security/Compliance and CAS areas, so I'm doing the research to get my department up an...
Cloud App Security
mrognlie's avatar
mrognlie
Copper Contributor

Thank you for the response, Sebastien.  I see the issue now - our Azure GA (also a Security Administrator) does not have the choice of "Manage Admin Access" in the gear drop-down.  Only Settings, Governance log, Security extensions, Exported reports, Scoped deployment, IP address ranges and User groups.

 

I had our GA assign himself an A5 license just in case (rest of campus is currently A1), but that didn't change the drop-down choices.  Might you have an idea how to proceed on this?

 

Matt

Sebastien Molendijk's avatar
Sebastien Molendijk
Icon for Microsoft rankMicrosoft
Feb 27, 2019

Hi,

 

Why are you combining Global Admin with Security Admin ?

Could you remove that account from the Security Admin, log off and try again ?

 

I suspect a permission mismatch. 

  • mrognlie's avatar
    mrognlie
    Copper Contributor
    Mar 05, 2019

    Sebastien:

    After quite a bit more work, we have determined that delegating permissions to imported groups is not a feature of Office Cloud App Security, and only a feature of Microsoft Cloud App Security.  It's not specifically called out here https://docs.microsoft.com/en-us/cloud-app-security/editions-cloud-app-security-o365, but we assume based on other feature items that we will not have this available in OCAS.

     

    Thanks,

    Matt

Resources