Apr 22 2020 07:44 AM
We integrated MS Defender ATP with CAS and data is showing in Cloud Discovery Dashboard and logs are uploaded fine. But in CAS/Settings/Cloud Discovery there's no entry for "Microsoft Defender ATP" where are can switch on blocking unsanctioned apps. Also, in Settings all System settings, like "Organization details", "Mail settings" are missing. Searching the web didn't give me any clue
Apr 22 2020 09:03 AM
Hi, in CAS, go to the Cog wheel and click settings;
Then, go to Microsoft Defender ATP, and you can block unsanctioned apps as below.
Apr 22 2020 09:23 AM
Apr 22 2020 09:33 AM
@PeterRising I know I should find that option there, but the issue is that the option doesn’t exist there. Also, the other settings I mentioned are missing.
Apr 22 2020 09:41 AM
Oh my apologies, I thought you were looking where to find these settings.
OK, may I ask when you enabled the integration from the Defender ATP portal? Also, what licensing do you have in M365 please?
Apr 22 2020 10:32 AM
I enabled integration several months ago, but only recently I wanted to block unsanctioned apps and discovered the options weren’t available anymore. I’m sure it was there before. All users have Office365 E3, ATP, CAS and EMS-licenses. That must be sufficient. Unfortunately I don’t know when the options disappeared.
Apr 22 2020 10:48 AM - edited Apr 22 2020 11:08 AM
Interesting, so the options were available at one point then? Have you had any licence changes in that time? Is your EM+S E3 or E5? If you have EM+S E3 plus the CAS add-on, or EM+S E5, you should be able to leverage all of the features of MCAS.
I'd recommend opening a support ticket with Microsoft and get them to check this out for you.
Apr 22 2020 11:19 AM
we indeed have EM+S and CAS addons, so it should be sufficient. I already opened a case with Microsoft, but after 4 transfers to other support teams I still didn’t get any serious response. I guess I have to be patient a little more 🙂
Anyhow, thanks for your responses!
Apr 22 2020 11:25 AM
Frustrating. I'll see if I can find out anything more for you and feedback if i do. Let me know how you get on. Good luck!
Apr 22 2020 11:42 AM
Apr 22 2020 11:44 AM
sure, I’m global admin.
Apr 23 2020 01:08 AM
One other thought - have you tried logging in with a different Global Admin account? I recently had an issue where some of the options in O365 ATP disappeared for me in the Security and Compliance Center. I logged in with another GA account and they were all there. Not long afterwards, they randomly reappeared in my own GA account.
Apr 23 2020 01:24 AM
Hi peter, I already tried that, but it didn't work. But in searching for a solution I noticed something: there are two versions of CAS: "Microsoft Cloud App Security" and "Office365 Cloud App Security". We are using the latter:
But based on our licenses we are entitled for MCAS. I now investigating how we can "upgrade" to Microsoft Cloud App Security.
Maybe that will solve the issue.
Apr 23 2020 01:43 AM
Yes there are indeed two flavours of CAS which are MCAS and OCAS. OCAS comes with O365 E5, and MCAS comes with EM+S E5, and to the best of my knowledge it also comes with the licensing that you have of EM+S E3 with the CAS add-on.
To prove this theory, I recommend you see if you can get an EM+S E5 trial and apply it to your GA account. See if that makes a difference maybe?
Apr 23 2020 01:55 AM
Yeah, unless i'm missing something very obvious, the CAS add-on is only available as MCAS as shown below;
So if it is this add-on that you have, then MCAS is what you should be getting, not OCAS
Apr 23 2020 02:01 AM
This confirms it. EM+S E3 plus standalone CAS gets you the full MCAS features and not just the subset that comes with OCAS.
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2NXYO
Apr 23 2020 02:05 AM
Things are getting clearer: We have EMS E3, O365 E3 and Office365 Cloud App Security licenses. So it seems to be correct that we're using OCAS. But still: Microsoft ATP is integrated in our OCAS, so it should be possible to block apps. I will contact our license-supplier to check what to expect with the licenses they sold us:-)
Apr 23 2020 02:08 AM
Licensing is such a minefield. There really are too many different ways to get CAS and it's really difficult keeping up. Hope you manage to get somewhere with this but it sounds like you are on the right track!
May 04 2020 03:31 AM
@PeterRising According to our license-specialist OCAS-licenses are retired per Februari 1st and all users should upgrade to MCAS as soon as their subscription end:
How are existing Office 365 Cloud App Security customers impacted
On February 1, 2019, the Office 365 Cloud App Security USL standalone SKU was retired, and new customer subscriptions will no longer be available as a standalone. Office 365 CAS will continue to be included with Office 365 E5 and Microsoft Cloud App Security.
Existing customers will see no changes for the remainder of their current enrollment term and may continue to add new Office 365 Cloud App Security standalone USLs.
Customers with enrollments expiring on or before June 30, 2019 will have the option to renew Office 365 Cloud App Security standalone for one more term.
Customers with Office 365 Cloud App Security standalone enrollments expiring after June 30, 2019, will need to move to Microsoft Cloud App Security at renewal to maintain the service
In the meantime nothing should change in an existing environment. Apparently we now have a mixed environment: partly MCAS but with the limitations of OCAS. They couldn't tell me whether this is correct. Our subscription ends on July 1st, so after date we will have MCAS-licenses. I hope everything will then work as expected.
May 04 2020 03:41 AM
That is pretty annoying that you have to wait until July 1st to find out. Licensing is always such a minefield.