Mar 07 2021 11:08 PM
Is it possible to show the device name or id in Cloud App Security, which performed an activity? We are using Intune, and would like to see if activitites performed by our users are from an Intune on-boarded device.
Mar 08 2021 06:34 AM
Mar 08 2021 07:05 AM
@jurowley thank you! Two follow-up questions:
1) Where would I see, if the performed activity is from an intune compliant device. When I check the Device type of an Activity it displays generic information like "Windows 10" or "Android":
2) How do I know if the AAD integration is working, or where can I configure the AAD integration.
Thank you very much!
Mar 08 2021 07:27 AM
Solution@Kiril Filter the Activity Log by "Microsoft Azure" application. It will show if the device is compliant in the "View Raw Data" JSON.
If you have no Activity Data from Microsoft Azure app in MCAS, then you need to onboard it with a Conditional Access Policy (CAP) in AAD. Just setting the CAP to "Monitor Only" will begin the data capture.
Mar 08 2021 07:30 AM
Mar 08 2021 08:01 AM
Mar 08 2021 08:11 AM
Mar 08 2021 08:29 AM
Mar 08 2021 10:42 AM
Mar 08 2021 07:27 AM
Solution@Kiril Filter the Activity Log by "Microsoft Azure" application. It will show if the device is compliant in the "View Raw Data" JSON.
If you have no Activity Data from Microsoft Azure app in MCAS, then you need to onboard it with a Conditional Access Policy (CAP) in AAD. Just setting the CAP to "Monitor Only" will begin the data capture.