Jan 11 2019 06:31 AM
Hi! Anyone know if there are any plans for multi-instance support for Office 365 and Azure app connectors?
I have a customer who has lots of tenants, and they would like to aggregate all the security logging into the same centralized MCAS solution. But since it doesn't seem to be possible today, they are pulling all the logs down on-premises for further analysis in their own SIEM.
I can really see the need for this functionality since many organisations buy other companies and end up with more tenants. If they are going to be able to keep control over the ever-increasing security boundary, they are forced to download all the logs to their local SIEM.
Thanks in advance!
Jan 11 2019 09:30 AM
Jan 14 2019 05:51 AM
Hi @jensandersson,
As Christopher mentioned, there are currently no plans for multi-instance support for 1st party apps.
To support multiple Office/Azure instances you would need multiple MCAS tenants.
From there you have the option of either using SIEM to centralize everything or assigning admins from a single tenant with permissions to all others and then using the tenant switcher to move through them. More info on this can be found here: https://docs.microsoft.com/en-us/cloud-app-security/manage-admins#invite-external-admins
Regards,
Dima.
Jan 18 2024 08:25 AM
@jensandersson While Microsoft hasn't publicly shared plans for multi-instance support in Office 365 and Azure app connectors, it's crucial for organizations with multiple tenants.
Gathering security logs into a central Microsoft Cloud App Security deployment is practically necessary for managing diverse tenants. Though Azure AD Premium offers cross-tenant reporting, it doesn't replace the desired MCAS connector support. MCAS scripts aid in copying data between tenants, but scalability may be an issue in larger environments.
While routing logs to an on-premises SIEM is a valid workaround, it's not ideal. Provide feedback to Microsoft for future MCAS updates addressing cross-tenant support. As demand grows, specific customer use cases can illustrate the need for this functionality. The hope is Microsoft will incorporate it, serving a broader user base.