App Connectors
SCIM provisioning - custom app authentication
Hi, in the documentation for handling endpoint authentication, two methods are given: 1) a "long-lived token" (i.e. a secret key that has to be pasted in the clear by the admin); 2) a "Microsoft Entra bearer token", similar to other services (e.g. callbacks for MS Teams bots): Microsoft signs the outgoing calls, and the app being provisioned can validate them against Microsoft's public keys. To me, option (2) is by far the best: each message is signed individually, there is no manual handling of secrets, etc. As said in the documentation, "Apps that use Microsoft Entra ID as an identity provider can validate this Microsoft Entra ID-issued token." Great! So why on earth does it then say "The token generated by the Microsoft Entra ID should only be used for testing. It shouldn't be used in production environments."? Why not? The whole system of Entra bearer tokens is only for test? And production should go back to secret keys, with all the problems they have? It doesn't seem right. What am I missing here?

Lag in Cloud App Security
Does anyone else notice/experience a lag in the logging within Microsoft Cloud App Security? It's more noticeable with connections to other cloud services, but even processing rules around revoking rights to, for example, files flagged as sensitive seems to take longer than what I would describe as acceptable to process (so more than 30 minutes). As a small team, ideally we would like to trust the reporting and actions that this product generates and takes, but it just doesn't seem to be consistent.

How to get SharePoint Online into Conditional Access App Control
Hello, what are the steps to add SharePoint Online into Conditional Access App Control? When I add a new app and then search for SharePoint, I get the message below. When I click on "start wizard", it asks me for SAML XML data. Is this the proper way to add SharePoint Online to Conditional Access App Control?

Microsoft Entra Internet Access Location Awareness
Hi all, I'm currently evaluating Microsoft Entra Private and Internet Access (with good results until now). By default, the agent is started, meaning that all Internet traffic goes to MS Edge. Is it possible to disable the agent (automatically) based on the location of the computer? For example, if the device is connected to the corporate network, the service needs to be disabled... Another question: does it detect a captive portal in case the device is connected to a "kiosk" network? And finally (for Private Access), is it planned to support LDAP traffic over UDP and, more generally, UDP? Regards, HA

Plans for multi-instance app connectors to Office 365 and/or Azure?
Hi! Does anyone know if there are any plans for multi-instance support for the Office 365 and Azure app connectors? I have a customer who has lots of tenants, and they would like to aggregate all the security logging into the same centralized MCAS solution. But since it doesn't seem to be possible today, they are pulling all the logs down on-premises for further analysis in their own SIEM. I can really see the need for this functionality, since many organisations buy other companies and end up with more tenants. If they are going to be able to keep control over the ever-increasing security boundary, they are forced to download all the logs to their local SIEM. Thanks in advance!

Create a new user in Power App through register/log-in function
Hi. I am trying to implement the log-in function in Power App. The user should be able to create their own account through Power App and log in again next time, since their log-in data will be saved in a database. In this case, I am using Microsoft Entra ID as my database. This is my code for the "Submit" button in my Power App: MicrosoftEntraID.CreateUser(EnableAccountToggle.Value;EMailTextInput.Text; PasswortTextInput.Text). I don't know what is wrong with my code, because when I try to create a new user account from Power App, the data of the new user does not show in my Microsoft Entra ID. I have already connected my app to the Microsoft Entra ID connector. I have not changed anything at all in my Microsoft Entra ID since getting an account for it. Do I have to create a group or something in my Microsoft Entra ID? I really appreciate your advice! You can also recommend other data management tools to me or tell me about your experience with them.

MCAS and Salesforce - Do we need SF Shield?
Hi, we asked Microsoft and Salesforce if the SF Shield licenses were a requirement to improve monitoring; neither was able to respond, so I'm reaching out to the community. We have connected our SF instance to MCAS following the available documentation. We had to do some tinkering to bypass having to use a Sysadmin profile. SF shows up as connected, and we get the user correlation between Azure/O365/MCAS and SF plus some login/logout events. Now, we don't get a lot of data/alerts from Salesforce; will this be improved by adding the extended event monitoring provided by SF Shield? Thanks for any experiences and feedback, Robert

New Blog | Microsoft Entra Private Access: An Identity-Centric Zero Trust Network Access Solution
On July 11, 2023, we introduced Microsoft's identity-centric security service edge (SSE) solution and two new services: Microsoft Entra Private Access and Microsoft Entra Internet Access, which are now in public preview. In this blog, we take a deeper look into Microsoft Entra Private Access. Read the full blog here: Microsoft Entra Private Access: An Identity-Centric Zero Trust Network Access Solution - Microsoft Community Hub

MCAS Regex Engine
Maybe you have a quick answer. We are currently evaluating DLP capabilities with MCAS. As we are now implementing use cases, we discovered that the regex engine from Microsoft is somewhat special. My colleagues and I understand that this is a mass-volume engine and therefore has its limitations regarding the quantifiers. Now, the docs are kind of clear, but only say very little. How does the regex engine actually work, and what are the limitations? We can investigate every single regex match, but how do we validate false positives for a large number of matches? (Probability score or reducing the max. matches per day?) Some example use cases from the customer:
- Leveraging regex to look for HTTP headers
- Looking for cookies (e.g. looking for "Set-Cookie")
- Regex hunting base64-encoded JWT ID or access tokens or other custom tokens across various file types
- PCI data (can be covered by MCAS)
- AWS session token (SessionToken AND base64-encoded data in the vicinity)
- MIP-labeled documents (can be covered by MCAS)
Hope someone can help.

"Access to Microsoft Teams is monitored" - Times out
Hi all, could you point me in the right direction here, please? We have MCAS in place mostly for session-based policies; however, when attempting to load Teams, it sits on this page going around until it eventually times out. It seems to impact SharePoint too, but Exchange, OneDrive, etc. seem fine. I believe that, due to this, the Teams and SharePoint apps aren't showing under Conditional Access app control apps. My conditional access policy is scoped to the 'Office 365' apps. Sometimes the above pages don't appear and it goes through with the session-based policies working fine, but it is inconsistent. I've tested on Edge, Chrome, Firefox, etc.; the same inconsistent issue is present. The MCAS tenant is located in West Europe (EU1).