User Profile
Boris_Kacevich
Former Employee
Joined 7 years ago
Recent Discussions
Re: MDATP Integration - Unsanctioned Apps - Allow for some users?
PJR_CDF You can find the needed info here: https://docs.microsoft.com/en-us/cloud-app-security/mde-integration Regarding the granular controls - this is not yet supported and is pending user granularity capabilities in MDE. We will expose parity with MDE indicators in MCAS by allowing scoping blocks based on device groups.
Boris
2.1K Views, 1 like, 3 Comments
Re: MDATP Integration - Unsanctioned Apps - Allow for some users?
Hi Cristian Calinescu, As we rely on the MDE (Microsoft Defender for Endpoints - previously MDATP) capabilities and to have better visibility for this request, I suggest raising this request with the MDE team.
Boris
8.8K Views, 0 likes, 1 Comment
Re: Any way to view log data being collected?
Hi everyone, There was indeed an issue with the log format and a fix was deployed - the ETA for its availability in all tenants is during the week of the 18th of January. If you keep encountering this issue, I suggest opening a support case for Cloud App Security.
Boris
2.7K Views, 0 likes, 1 Comment
Re: Governance log showing many pending logs uploaded from the log collector
Hi mlmcadams, The pending status is a normal status, as any newly received log enters a processing pipeline and queue. If the load of new logs is high, you should expect a longer queue and more tasks in pending status. If you see that the tasks are pending for more than a reasonable period of time, I suggest opening a support case so engineering can review the issue.
Boris
2.9K Views, 1 like, 0 Comments
Re: MacOS / MDATP - MCAS Integration
ShadowScout Hi, The controls for MacOS should be available as part of the MacOS preview in Microsoft Defender for Endpoints. Any app tagged as unsanctioned in MCAS should be blocked on the Mac device. Discovery is still in our backlog, planned for 2021 CY.
Boris
11K Views, 0 likes, 7 Comments
Re: How to view ingested traffic logs on MCAS
Hi kaushal28, As Caroline mentioned, we do not have raw data investigation capability today. But in order to verify your script functionality, I suggest sending a single file with several log lines of different app accesses and verifying all apps are discovered. I also recommend creating a new data source to have a separate continuous report and uploading these logs directly to it using the "inputStreamName" parameter. Later you could delete this data source.
Boris
2.4K Views, 0 likes, 0 Comments
Re: MCAS with Outlook Web App Add-Ins
Hi gd-29, When you mentioned MCAS with Outlook Web App + Add-ins - do you mean seeing these add-ins as detected OAuth apps in O365, or seeing them identified in the Discovered apps section? Also, have you been able to see these apps under Enterprise Application in Azure AD? Best,
Boris
2.7K Views, 0 likes, 1 Comment
Re: Monitoring App used from Personal devices
Hi Dean_Gross, Given that the corp resources require a sign-in using, for example, Azure AD, then the user's device will be taken into account as a risk factor for Conditional access - based on the policies set by the org the sign-in might fail and the user might be required to MFA to make sure he is who he claims to be. Alex Esibov to add additional comments if needed.
Boris
1.1K Views, 0 likes, 0 Comments
Re: MacOS / MDATP - MCAS Integration
Hi Saif_Rahman, Nice to meet you. MacOS support is still planned for the end of 2020CY. The plan is to roll out with app controls - e.g. app allow/block access. During 2021CY we plan to introduce Shadow IT discovery for MacOS as well. Best,
Boris
11K Views, 2 likes, 4 Comments
Re: Additional insight on Gmail use in MCAS
Hi PHancke, MCAS is bound to the information provided by MDATP or any other network appliance (SWG, Firewall, etc.). You are able to monitor the app's usage patterns such as the number of users using the apps, the amount of data being uploaded and downloaded, etc. By using the Sanctioned/Unsanctioned tag, you are then able to set automated policy-based alerts to be notified when a certain app's (in this case Gmail) usage patterns violate company regulations. We are planning to provide visibility into file hashes that are being uploaded to any of the monitored apps and protect sensitive data upload to Risky/Unsanctioned apps. No ETA yet. More information can be found here: https://docs.microsoft.com/en-us/cloud-app-security/tutorial-shadow-it https://docs.microsoft.com/en-us/cloud-app-security/tutorial-flow I suggest taking the AIP/MDATP question to the MDATP forums. Best,
Boris K
1.6K Views, 0 likes, 0 Comments