We’ve updated the MCAS Ninja Training since this post was published. For the latest version of the training, visit Microsoft Cloud App Security (MCAS) Ninja Training | September 2021 - Microsoft Tech Community.
Welcome to the MCAS Ninja Training!
March 2021
Short links: http://aka.ms/MCASNinjaTraining and http://aka.ms/MCASNinja.
Have you been wanting to secure your cloud resources? Do you have agreements with non-Microsoft cloud applications? Do you want to share your cloud security knowledge and experience with others? Wait no longer, the Microsoft Cloud App Security (MCAS) Ninja training is here!
MCAS has hundreds of amazing videos out there, and it can be overwhelming to determine where to start and how to progress through the different levels. We've gone through all of these and created this repository of training materials in ascending order… all in one central location! Please let us know what you think in the comments. The content has been updated as of March 2021.
In terms of overall structuring, the training sessions are split into three different knowledge levels:
· Beginner (Fundamentals)
· Intermediate (Associate)
· Advanced (Expert)
| Module | Description |
| --- | --- |
| 1. Level 1: Beginner (Fundamentals) | Introduction to Microsoft Cloud App Security, licensing, portal navigation, policy basics, and overall definitions. |
| 2. Level 2: Intermediate (Associate) | Capability demos, automatic governance, overall deployment, and connecting 3rd party apps. |
| 3. Level 3: Advanced (Expert) | Power Automate, 3rd party IdP integration, and advanced use case scenarios. |
In addition, after each module/level, there will be a knowledge check based on the training material you've just finished! Since there's a lot of content, the goal of the knowledge checks is to help you determine whether you picked up the major key takeaways. Lastly, there'll be a fun certificate issued at the end of the training.
Disclaimer: This is not an official Microsoft certification and only acts as a way of recognizing your participation in this training content.
NOTE: This training will be updated on a quarterly basis to ensure you all have the latest and greatest material!
Let us know what you think!
P.S. I wanted to give my colleague, DanEdwards, a huge kudos for helping me automate the certificate app and knowledge check! Thank you, Dan!
| Legend/Acronyms | Meaning |
| --- | --- |
| (D) | Microsoft Documentation |
| (V) | Video |
| (B) | Blog |
| (S) | Site |
| (IG) | Interactive Guide |
| MCAS | Microsoft Cloud App Security |
| RBAC | Role-based access control |
| MDATP | Microsoft Defender Advanced Threat Protection |
| AATP | Azure Advanced Threat Protection |
| ATP | Advanced Threat Protection |
| AIP | Azure Information Protection |
| ASC | Azure Security Center |
| AAD | Azure Active Directory |
| CASB | Cloud Access Security Broker |
| MTP | Microsoft Threat Protection |
| GCC | Government Community Cloud |
| GCC-H | Government Community Cloud High |
| MDI | Microsoft Defender for Identity |
| MDO | Microsoft Defender for Office 365 |
| MDE | Microsoft Defender for Endpoint |
Note: Threat protection product names from Microsoft are changing. Read more about this and other updates here. We'll be updating names in products and in the docs soon.
- Microsoft 365 Defender (previously Microsoft Threat Protection)
- Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)
- Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)
- Microsoft Defender for Identity (previously Azure Advanced Threat Protection)
MCAS Ninja Training
Level: Beginner (Fundamentals) (Video Introduction)
- Community Information
- MCAS Tech Community
- This is a Microsoft Cloud App Security (MCAS) Tech Community space that provides an opportunity to connect and discuss the latest news, updates, and best practices with Microsoft professionals and peers.
- Understanding CASBs
- Top 20 Use Cases for CASBs (D)
- This document provides use cases which can be leveraged as a starting point during a proof of concept (POC), or as you’re getting ready to deploy your CASB solution looking for ways to prioritize your deployment component.
- What is a CASB and Why Do I need one? (B)
- A blog detailing an overview of CASBs and why they're important for securing your cloud resources.
- MCAS Best Practices (D)
- This article provides best practices for protecting your organization by using Microsoft Cloud App Security. These best practices come from our overall experience working with Cloud App Security and from the experiences from customers like you.
- MCAS User Interface Updates (B)
- This blog provides an update on the upcoming MCAS UI changes.
- MCAS Introduction
- MCAS Licensing (V) *subject to change*
- Questions on MCAS licensing? Contact your Microsoft reseller or Microsoft Partner.
- MCAS License Datasheet (D)
- Differences between MCAS and OCAS (D)
- Differences between MCAS and AAD Discovery (D)
- Microsoft Cloud App Security Introduction (V)
- This is an introductory video presentation of Microsoft's Cloud Access Security Broker (CASB): Microsoft Cloud App Security (MCAS).
- TCO/ROI of Microsoft Cloud App Security (Forrester Study) (V)
- This video goes over the results of a Forrester Study from May 2020 with the Total Cost of Ownership and Return on Investment of MCAS.
- For more information, check out the overview of the study here! (S)
- Initial Settings
- Configure IP Addresses (V)
- This video shows you how to add your organization's IP address ranges to remove complexities from policy creation, investigation, and improve the accuracy of your alerts.
- For more information, check out this article. (D)
- Import User Groups (V)
- This video shows you how to import user groups into MCAS to help create relevant policies.
- For more information, check out this article. (D)
- Configure Admin Roles (V)
- In this video, we show you how to configure admin roles and set up role-based access controls.
- For more information, check out this article. (D)
- Configure MSSP Access (V)
- The above video walks you through adding Managed Security Service Provider (MSSP) access to MCAS.
- Access Security Configuration Assessments of Azure, AWS, and GCP in MCAS (V)
- This video provides a high level overview of how to see the security configuration information in MCAS for Azure, AWS, and GCP.
- For more information, please check out our documentation here! (D)
- Cloud Discovery
- Introduction to MCAS Cloud Discovery (B)
- This blog details how to get started in Cloud Discovery.
- Dashboard Basics (D)
- The above article gives an overview on how to work with MCAS daily while providing a few tips on how to navigate the portal.
- Discovered Apps (D)
- The above article provides guidance on how to work with discovered apps and the steps to take to dive deep into what the dashboard offers.
- App Risk Scoring (V)
- This video provides an overview on how MCAS evaluates the risk over discovered SaaS apps in your environment.
- For more information, check out this article. (D)
- Connect your favorite Apps to MCAS (B)
- This video provides a brief overview on connecting Salesforce, GitHub, and Box to MCAS.
- For more information, check out this article. (D)
- Using the Cloud App Discovery Feature (V)
- This is a video overview of MCAS and its discovery functions.
- Information Protection and Real-time Controls
- Connect Office 365 (V)
- This video demonstrates how to connect Office 365 to Microsoft Cloud App Security and enable our powerful capabilities across DLP, Threat Protection, and more.
- What is Conditional Access App Control? (V)
- In this video, we explore what Conditional Access App Control is, how to deploy and configure it, and testing of a scenario (Microsoft Teams).
- Governance actions for non-O365 and Azure apps (V)
- This video provides a high level overview on some of the governance actions that can be taken with 3rd party apps in MCAS.
- Configure AAD with MCAS Conditional Access App Control for Session Controls (Downloads) (V)
- In this video, we walk you through how to configure real-time monitoring and control across your cloud apps leveraging our powerful, native integration with Azure AD Conditional Access to have more control over your downloads.
- Block Sensitive Information Downloads (D)
- The above article walks you through a tutorial on how to create a session policy to block the download of sensitive information.
- Configure AAD with MCAS Conditional Access App Control for Session Controls (Uploads) (V)
- In this video, we walk you through how to configure real-time monitoring and control across your cloud apps leveraging our powerful, native integration with Azure AD Conditional Access to have more control over your uploads.
- Threat Detection
- Threat Detection Overview (V)
- The above video walks you through MCAS’s threat detection capabilities that allow you to identify advanced attackers and insider threats.
- User and Entity Behavior Analytics (V)
- This video provides a brief overview on User & Entity Behavior Analytics (UEBA) in MCAS.
- Discover and Manage risky OAuth applications (V)
- This video discusses how MCAS can help you identify when users authorize OAuth apps, detect risky apps, and revoke access to risky apps.
Level: Beginner (Fundamentals) Knowledge Check
Level: Intermediate (Associate) (Video Introduction)
- Overview
- Microsoft Cloud App Security: Overview (V)
- This is an overview video discussing the different pillars and configuration steps for MCAS with a demo.
- Cloud Discovery
- Cloud Discovery Interactive Guide (IG)
- This interactive guide walks you through discovering, protecting, and controlling your apps.
- Cloud Discovery Policies (D)
- The above article walks you through creating cloud discovery policies within your MCAS environment.
- MCAS and MDE Integration (D)
- This doc walks through the process of integrating MDE (formerly MDATP) and MCAS and how simple the integration is—without requiring extra agents or proxies.
- How to design and deploy a Log Collector for MCAS (V)
- This is a video detailing the MCAS cloud discovery feature and how to deploy a log collector.
- For guidance on log collector deployment, choose your deployment mode here and follow the accompanying steps. (D)
- Integrate with Zscaler (D)
- If you work with both Cloud App Security and Zscaler, you can integrate the two products to enhance your security Cloud Discovery experience.
- Integrate with iboss (D)
- If you work with both Cloud App Security and iboss, you can integrate the two products to enhance your security Cloud Discovery experience.
- Integrate with Corrata (D)
- If you work with both Cloud App Security and Corrata, you can integrate the two products to enhance your security Cloud Discovery experience for mobile app use.
- Integrate with Menlo (D)
- If you work with both Cloud App Security and Menlo, you can integrate the two products to enhance your security Cloud Discovery experience.
- Information Protection and Real-Time Controls
- Set up Document Fingerprinting in MCAS (V)
- This video walks you through configuring a file policy detecting document fingerprinting in your file repositories using MCAS.
- For more information on document fingerprinting in Microsoft 365, please check out this video here. (V)
- Protect and Control Information with MCAS (IG)
- This interactive guide walks you through common scenarios where you can control your information flows with MCAS.
- Secure and Connect GitHub (B)
- This blog walks through how to secure and connect your GitHub instance in MCAS.
- For the direct video to protect GitHub, please click here. (V)
- Secure and Connect Box (B)
- This blog walks through how to secure and connect your Box instance in MCAS.
- For the direct video to protect Box, please click here. (V)
- Secure and Connect AWS (B)
- This blog walks through how to secure and connect your AWS instance in MCAS.
- Protecting Storage Apps and Malware Detection (V)
- This video shows you how MCAS can help you protect your cloud storage apps and ensure that they are not infected with malware.
- For more information, please see this article. (D)
- Configuring a read-only mode for external users (V)
- This video walks you through one of the many use-cases focused on external users using Conditional Access App Control, our reverse proxy solution.
- Block unauthorized browsers from accessing corporate web apps (V)
- A video detailing the policy configuration required to block unauthorized browsers from accessing corporate web applications.
- Using Admin Quarantine to investigate files (D)
- The above article is a tutorial helping you use admin quarantine to protect your files.
- Automatically apply labels to your sensitive files (D)
- The above article is a tutorial walking you through applying a label to a sensitive file.
- Information Protection Policies (D)
- The above article walks you through creating information protection policies within your MCAS environment.
- MCAS or MIP? (B)
- This blog walks you through some of the top use cases and questions asked regarding when to use MCAS and MIP.
- AWS with AAD and MCAS (V)
- This video is a discussion that walks you through the architecture used to configure AWS with AAD and use MCAS to apply additional protections.
- For more details, please check out the supporting blog here. (B)
- Threat Detection
- Threat Policies (D)
- The above article walks you through creating threat protection policies within your MCAS environment.
- Microsoft Defender for Identity Integration
- How Microsoft Defender for Identity integrates with MCAS (D)
- The above article is designed to help you understand and navigate the enhanced investigation experience in MCAS with MDI.
- Microsoft Defender for Identity Overview (V)
- The above video walks you through an overview of the MDI capability.
- For more information on Microsoft Defender for Identity, check out our new MDI Ninja Training here! (B)
- Detect Threats and Manage Alerts (V)
- The interactive guide above walks you through the steps of managing threats and alerts.
Level: Intermediate (Associate) Knowledge Check
Level: Advanced (Expert) (Video Introduction)
- Power Automate Blog Series (B)
- Triage Infrequent Country Alerts using Power Automate and MCAS (V)
- A video walk-through on creating a new Power Automate Flow to automate the triage of Infrequent Country alerts in MCAS (Threat Protection Pillar).
- Request user validation to reduce your SOC workload (V)
- A video walk-through on using Power Automate Flow to request user validation for file sharing (Data Protection Pillar).
- Request for Manager Action (V)
- This video walks you through using Power Automate Flow to request manager validation for their team.
- Step-by-step guidance (B)
- Auto-disable malicious inbox rules using MCAS & Power Automate (V)
- This video walks you through a new Power Automate Flow on how to remove malicious inbox rules detected in your cloud environment.
- 3rd Party IdP Configuration
- PingOne (D)
- This document walks you through integrating PingOne with MCAS for Conditional Access App Control using Salesforce as an example.
- ADFS (D)
- This document walks you through integrating ADFS with MCAS for Conditional Access App Control using Salesforce as an example.
- Okta (D)
- This document walks you through integrating Okta with MCAS for Conditional Access App Control using Salesforce as an example.
- Conditional Access App Control steps for non-Microsoft SaaS applications
- Workplace for Facebook (V)
- Box (V)
- Please check out this blog for more guidance on real-time protections for Box. (B)
- Slack (V)
- SIEM Integrations
- Connect Azure Sentinel (V)
- This video details how to connect Azure Sentinel (Microsoft's SIEM + SOAR product) to MCAS.
- Azure Sentinel Entities Enrichment (Users) (V)
- This video looks at how you can use the provided playbooks to enrich your impacted user profiles, and then consume it in Sentinel, ServiceNow, or Postman.
- Microsoft CAS Infrequent Country triage with Azure Sentinel and Logic Apps (V)
- This video walks you through deploying a playbook and using it to triage your Azure Sentinel incidents.
- Connect a 3rd Party SIEM (V)
- This video details how to connect a third party SIEM to MCAS.
- Advanced Scenarios and Guidance
- Indicators of Compromise (V)
- This video walks you through how to create custom Indicators of Compromise in MCAS.
- MCAS and Microsoft Threat Protection (V)
- A video guide on how Microsoft is unifying our threat products.
- Block Apps/Sites on iOS (Defender for Endpoint + MCAS) (V)
- A video walk-through on how to block apps and sites on iOS using Defender for iOS and using custom indicators of compromise from the Microsoft Cloud App Security & Microsoft Defender for Endpoint integration.
- MCAS API Documentation (D)
- The above article describes how to interact with Cloud App Security over HTTPS.
- Configuring a Log Collector behind a Proxy (D)
- The above article walks you through further configuration to ensure your log collector works when behind a proxy.
- Automate MCAS Alerts with Power Automate (IG)
- This interactive guide walks you through the steps needed to automate alert management using Power Automate.
- Additional Blogs and Information
- Securing Administrative Access to Microsoft Cloud App Security and Defender for Identities (B)
- This blog provides guidance on how to configure Azure AD Conditional Access to secure administrative access to Microsoft Cloud App Security (MCAS) and Defender for Identities (formerly Azure ATP).
- Limiting Inherited Roles from Azure Active Directory in MCAS (B)
- This blog goes over a customer scenario for MCAS and the steps that can be taken to meet their requirements on limiting inherited AAD roles’ accesses in MCAS.
- MCAS Learn Paths
- Check out our new learning paths for MCAS here! (S)
- MCAS Lifecycle Management
- The below diagram is designed to help you maintain MCAS.
Level: Advanced (Expert) Knowledge Check
Once you’ve finished the training and the knowledge checks, please go to our attestation portal to generate your certificate (click here). You'll see it in your inbox within 3-5 business days.
We have a great lineup of updates coming for the next rendition (next quarter). If you'd like anything covered, please comment below! In addition, please reach out to us if you have any content you'd like to include as well.
We hope you all enjoy this training!
Feedback
Let us know if you have any feedback or relevant use cases/requirements for this portion of Cloud App Security by emailing CASFeedback@microsoft.com and mentioning the core area of concern.
Learn more
For further information on how your organization can benefit from Microsoft Cloud App Security, connect with us at the links below:
- Join the conversation on Tech Community. Stay up to date—subscribe to our blog.
- Upload a log file from your network firewall or enable logging via Microsoft Defender for Endpoint to discover Shadow IT in your network.
- Learn more—download Top 20 use cases for CASB.
- Connect your cloud apps to detect suspicious user activity and exposed sensitive data.
- Search documentation on Microsoft Cloud App Security.
- Enable out-of-the-box anomaly detection policies and start detecting cloud threats in your environment.
- Understand your licensing options.
- Continue with more advanced use cases across information protection, compliance, and more.
- Follow the Microsoft Cloud App Security Ninja blog and learn about Ninja Training.
- Go deeper with these interactive guides:
· Discover and manage cloud app usage with Microsoft Cloud App Security
· Protect and control information with Microsoft Cloud App Security
· Detect threats and manage alerts with Microsoft Cloud App Security
· Automate alerts management with Microsoft Power Automate and Cloud App Security
To experience the benefits of full-featured CASB, sign up for a free trial—Microsoft Cloud App Security.
Follow us on LinkedIn as #CloudAppSecurity. To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity on Twitter, and Microsoft Security on LinkedIn for the latest news and updates on cybersecurity.