Member: Caroline_Lee | Microsoft Community Hub

Recent Discussions

Re: Difference between MDO & MDCA
Hi, thanks for your question. The empty cells should be interpreted as, "NO."
Jan 20, 2023 Place Microsoft Defender XDR
2.7KViews
0likes
0Comments
Re: Policy with no alert
ItsMeMichael Are you using the built in policy or an activity policy? Could you provide a screenshot of your policy configuration?
Oct 05, 2020 Place Microsoft Defender for Cloud Apps
990Views
0likes
0Comments
Re: Snapshot report from 2 gb Cisco ASA Firewall logs only showing 8 Apps?
Lassekatten Hi Lars, since you've checked the log format, size and time period there's no reason I can think of as to why you're only seeing 8 apps. I'd recommend opening a support ticket for this issue.
Sep 24, 2020 Place Microsoft Defender for Cloud Apps
1.2KViews
0likes
0Comments
Re: Failed Logins with Cloud App Security - Locked account
SergioT1228 Hi, one way you'd be able to see this is under the investigate blade > users and accounts > filter on the status=Suspended. Does that help?
Sep 24, 2020 Place Microsoft Defender for Cloud Apps
4.6KViews
0likes
3Comments
Re: Deleted files
userCAS Hi Mour, one way is you can reference the governance log and filter on action type=trash to see a view of all the files that have been deleted. Does that answer your question?
Sep 24, 2020 Place Microsoft Defender for Cloud Apps
2.3KViews
0likes
0Comments
Re: Snapshot report from 2 gb Cisco ASA Firewall logs only showing 8 Apps?
Lassekatten Hi, there is a size limit for each log upload (1GB), that could be the reason. Also, do the logs contain any entries outside of the 90 day period? Link to snapshot doc: https://docs.microsoft.com/en-us/cloud-app-security/create-snapshot-cloud-discovery-reports
Sep 24, 2020 Place Microsoft Defender for Cloud Apps
1.2KViews
0likes
2Comments
Re: Created Policy - What is the difference: Alerts vs Activity?
SergioT1228 Great question! The activity log will be a view of all the activities performed in your connected applications. This could range from a log on, file download, task creation, etc where as an alert will notify you of a potential threat in your cloud environment. The reason why you may be seeing more failed log ons in activity log vs. in the alert panel is because sometimes failed logins can be normal behavior (i.e. user forgetting their password). This could also depend on how you've scoped your policy i.e. alert on 10 repeated failed log-ons in a 5 min time interval would only result in 1 alert but 10 entries in activity log. There is also specific anomaly detection policy based off of User Entity Behavior Analytics (UEBA), where MCAS studies the behavior of the user for 7 days and establishes a baseline for each user and will alert on any unusual behavior. Investigating multiple failed logon attempts: https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts#multiple-failed-login-attempts Activities in MCAS: https://docs.microsoft.com/en-us/cloud-app-security/activity-filters Does that answer your question?
Sep 24, 2020 Place Microsoft Defender for Cloud Apps
1.3KViews
1like
0Comments
Re: MCAS: Create Item Impersonated activity
Mary_Yvette Thanks for the question! Check out the impersonated activity in the investigation alerts guide: https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts#unusual-impersonated-activity-by-user
Jun 18, 2020 Place Microsoft Defender for Cloud Apps
5.1KViews
0likes
0Comments
Re: PowerBi Session Control - Inspection Method -
Desm_Phil Thanks for the question! Could you actually open a support ticket on this?
Jun 18, 2020 Place Microsoft Defender for Cloud Apps
1.5KViews
0likes
0Comments
Re: How to view ingested traffic logs on MCAS
kaushal28 Thanks for the clarification. Currently, you cannot see the actual data ingested in MCAS but you can see the # of uploaded logs if you go to Settings > Log Collector > Datasource tab.
Jun 18, 2020 Place Microsoft Defender for Cloud Apps
2.5KViews
1like
2Comments
Re: How to view ingested traffic logs on MCAS
kaushal28 Thanks for the feedback! If you go to Discovered apps > there is an export button where you can export the data in an excel form. Hope this helps!
Jun 17, 2020 Place Microsoft Defender for Cloud Apps
2.6KViews
0likes
4Comments
Re: MCAS - No option to use old dashboard experience
Hi jamrobot following up on the question above, do you mind elaborating more on the bullets you mentioned? Thanks so much!
Jun 04, 2020 Place Microsoft Defender for Cloud Apps
1.2KViews
0likes
0Comments
Re: MCAS - No option to use old dashboard experience
jamrobot Hi, thanks for the feedback! I'll relay this back to the product group. What are the "very useful," widgets you mentioned in your 3rd bullet?
May 28, 2020 Place Microsoft Defender for Cloud Apps
1.3KViews
0likes
2Comments
Re: Generate MCAS activity in a demo tenant
ttelrocj Got it. I double checked with my team and unfortunately, there is no quick way to simulate those types of activities you're looking to generate you would have to manually conduct those actions.
Apr 14, 2020 Place Microsoft Defender for Cloud Apps
1.8KViews
0likes
1Comment
Re: Generate MCAS activity in a demo tenant
ttelrocj Hi! Good question, what kind of activities are you looking to generate? Creating specific policies you know will match may be a quick way to generate activities and alerts.
Apr 14, 2020 Place Microsoft Defender for Cloud Apps
1.7KViews
0likes
3Comments
Re: Log collector error from columbus
mlmcadams Hi! Could you try these two options & see if they work for you? The error code 301 at the end references permanent URL redirection, meaning current links or records using the URL that the response is received for should be updated. Check log collector version make sure it TLS 1.2+, you can check by running the following command prompt: docker exec -it <LogCollectorName> ls -l /etc/adallom/components/columbus/columbus.jar
Mar 19, 2020 Place Microsoft Defender for Cloud Apps
1.6KViews
0likes
0Comments

User Profile

Caroline_Lee

User Widgets

Recent Discussions

Re: Difference between MDO & MDCA

Re: Policy with no alert

Re: Snapshot report from 2 gb Cisco ASA Firewall logs only showing 8 Apps?

Re: Failed Logins with Cloud App Security - Locked account

Re: Deleted files

Re: Snapshot report from 2 gb Cisco ASA Firewall logs only showing 8 Apps?

Re: Created Policy - What is the difference: Alerts vs Activity?

Re: MCAS: Create Item Impersonated activity

Re: PowerBi Session Control - Inspection Method -

Re: How to view ingested traffic logs on MCAS

Re: How to view ingested traffic logs on MCAS

Re: MCAS - No option to use old dashboard experience

Re: MCAS - No option to use old dashboard experience

Re: Generate MCAS activity in a demo tenant

Re: Generate MCAS activity in a demo tenant

Re: Log collector error from columbus

Recent Blog Articles

What’s new in Microsoft Defender XDR at Secure 2025

Ignite news: What's new in Microsoft Defender XDR?

RSA news: What's new in Defender XDR?

Microsoft empowers partners to securely build their own connector on its Open App Connector Platform

RSA News: Taking XDR for SaaS apps to the next level - App Governance is now included in E5 Security

Improve your app posture and hygiene using Microsoft Defender for Cloud Apps

MCAS: Top 5 Queries You Need to Save

Bypass Blocking PDF Previews in OWA

ANNOUNCEMENT: MCAS 3rd Party IdP Documentation

Auto-disable malicious inbox rules!