Cloud app Security client certificate

Skipster311-1 · ‎Aug 10 2021

Hello all, i am following the below article on how to configure cloud app security to work with client certificates. I am currently using the demo cert that is called out in the article . The client cert has been added to the user cert store on the local machine, and the root cert was imported into cloud app security.

I have also tagged the device with "Valid client certificate" in endpoint manager,
(per below)

However when i do a search for all devices with tag - "Valid client certificate" i get back zero results. Need help understanding why cloud app security is not able to discover the device that i previously tagged ?

https://docs.microsoft.com/en-us/cloud-app-security/troubleshooting-proxy#client-certificates-are-no...

JaredPoeppelman · ‎Dec 03 2021

For MDCA (MCAS) to see anything there, you would need a device with a valid cert to do something that is monitored or blocked by an access policy or session policy. That requires that the app be onboarded for CAAC. Deployment guidance for that can be found at
https://docs.microsoft.com/en-us/defender-cloud-apps/proxy-deployment-aad

BcoyneSS · ‎Sep 26 2023

Did you get this working, if so what kind of certificate did you use (Internal PKI, Managed PKI, public cert?) Trying to figure out our options for MCAS and MacOS devices managed by Kandji

Cloud app Security client certificate

Cloud app Security client certificate

Re: Cloud app Security client certificate

Re: Cloud app Security client certificate

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Cloud app Security client certificate