Forum Discussion
Solved
Show device name in activity overview
Is it possible to show the device name or id in Cloud App Security, which performed an activity? We are using Intune, and would like to see if activitites performed by our users are from an Intune on-boarded device.
Kiril Filter the Activity Log by "Microsoft Azure" application. It will show if the device is compliant in the "View Raw Data" JSON.
If you have no Activity Data from Microsoft Azure app in MCAS, then you need to onboard it with a Conditional Access Policy (CAP) in AAD. Just setting the CAP to "Monitor Only" will begin the data capture.
- jurowley
Microsoft
Hey @Kiril - yes it is. The Device info is audited by AAD and sent to MCAS through either AAD integration or CAAC with a Conditional Access Policy configured in AAD. There are scenarios that AAD isn't able to collect the Device information (i.e. InPrivate window or some other known-issue). In this scenario, MCAS just assumes the machine is not Intune compliant if you have any policies configured to assess this.jurowley thank you! Two follow-up questions:
1) Where would I see, if the performed activity is from an intune compliant device. When I check the Device type of an Activity it displays generic information like "Windows 10" or "Android":
2) How do I know if the AAD integration is working, or where can I configure the AAD integration.
Thank you very much!
- jurowley
Kiril Filter the Activity Log by "Microsoft Azure" application. It will show if the device is compliant in the "View Raw Data" JSON.
If you have no Activity Data from Microsoft Azure app in MCAS, then you need to onboard it with a Conditional Access Policy (CAP) in AAD. Just setting the CAP to "Monitor Only" will begin the data capture.
