Microsoft Tech Community
SOLVED

MCAS traffic flow

Hi team,

I have a question.

When using MCAS, I know that users deliver requests and responses to the app through "Proxy (Access + Session)."

Then, is the actual DATA delivered to the user through Cloud App Security? Or is it delivered directly to the user from the data center where the data is stored?

In the "Data Location" section of the document "https://docs.microsoft.com/en-us/cloud-app-security/what-is-defender-for-cloud-apps", I confirmed that MCAS' data centers are only in Europe, the UK, and the United States.

So if I'm using MCAS when I ask for M365 data in Korea from Singapore, does it mean that traffic flows back to Korea through one of the three regions? Or will only requests and responses for data go to one of the three regions, and M365 data be delivered directly from Korea to Singapore?

Best Regards,
YJ

5 Replies
@youngjin98

MCAS acts as a reverse proxy; that means the traffic from the data center (web server) will first go to MCAS and then the data will be delivered to the client.
@AnuragSrivastava

So, we will consider the case where the user's location is Korea and the location of the data center used is also Korea.

When MCAS is not used, users will receive data from the data center immediately.

However, if the user uses MCAS, the data will return to Korea via Singapore, where the reverse proxy is located, and go to the user.

Is that right?

When using MCAS, there was a slowdown in speed, so I was curious to analyze and solve the cause.
best response confirmed by youngjin98 (Copper Contributor)
Solution
@youngjin98
Yes, that's correct. If the user uses MCAS, the data will return to Korea via Singapore, where the reverse proxy is located, and then it will be delivered to the user.

@youngjin98

The user's entire session and all its data will be proxied through the MCAS session (reverse) proxy only if, at logon time, there was a session policy in MCAS that matched the user's sign-in. Note this is only supported for browser-based access, not client app access.

If only an MCAS access policy matches the sign-in (no session policy), then the entire session will be allowed or blocked, but if allowed, the session will go directly to the cloud app, not through the session proxy.


Hope that helps clarify it.

Thank you for your kind explanation.