Plans for multi instance app connectors to Office 365 and/or Azure?

Copper Contributor

Hi! Anyone know if there are any plans for multi-instance support for Office 365 and Azure app connectors?
I have a customer which have lots of tenants and they would like to aggregate all the security logging into the same centralized MCAS solution. But since it doesn't seem to be possible today they are pulling all the logs down on-premises for further analysis in their own SIEM.

 

I can really see the need for this functionality since many organisations buy other companies and end up with more tenants. If they are going to be able to keep control over the ever increasing security boundary they are forced to download all the logs to their local SIEM.

 

Thanks in advance!

3 Replies
Hi @jensandersson,

AFAIK, there are no plans for multi-tenant support for Office 365 and Azure App connectors.

Would recommend raising this on the Cloud App Security Uservoice

https://microsoftsecurity.uservoice.com/forums/905161-cloud-app-security

I think it would be a good idea to potentially look at a version which could support multiple tenants - it would be good for Managed Service Providers, Groups, Franchises, etc.

At present, the local SIEM would be the only option to take the logs from the different tenants.

Hope that answers your question.

Best, Chris

Hi @jensandersson,

As Christopher mentioned there are currently no plans for multi-instance support for 1st party apps.

To support multiple Office/ Azure instances you would need multiple MCAS tenants.

 

From there you have the option of of either using SIEM to centralize everything or by assigning admins from a single tenant with permissions to all others and then sue the tenant switcher to move through them. More info on this can be found here: https://docs.microsoft.com/en-us/cloud-app-security/manage-admins#invite-external-admins

 

Regards,

Dima.

@jensandersson While Microsoft hasn't publicly shared plans for multi-instance support in Office 365 and Azure app connectors, it's crucial for organizations with multiple tenants.

 

Gathering security logs into a central Microsoft Cloud App Security deployment is practically necessary for managing diverse tenants. Though Azure AD Premium offers cross-tenant reporting, it doesn't replace the desired MCAS connector support. MCAS scripts aid in copying data between tenants, but scalability may be an issue in larger environments.

 

While routing logs to an on-premises SIEM is a valid workaround, it's not ideal. Provide feedback to Microsoft for future MCAS updates addressing cross-tenant support. As demand grows, specific customer use cases can illustrate the need for this functionality. The hope is Microsoft will incorporate it, serving a broader user base.