Cloud Discovery
108 Topics

Application Script That Filters Risky Unused Apps on Your Environment.
Hey there everyone. Recently made a script that filters out high risk applications (Risk score <4) that haven't been used in awhile on your environment. An easy win is to block applications that haven't been used in a bit. We have specific application categories we are more interested in than others. Feel free to copy this template, or use others. Oh, you need the MCAS PowerShell package installed too. Here is the download link: https://github.com/microsoft/MCAS/

    #defining variables
    $count = 0   #Count variable used for determining the number of apps left
    $obj = @()   #Array where the apps will be added to

    ##Application categories to filter on - we look for specific types here for our environment. Change to your liking.
    $categories = @(
        "SAASDB_CATEGORY_SOCIALNETWORK",
        "SAASDB_CATEGORY_NEWS_AND_ENTERTAINMENT",
        "SAASDB_CATEGORY_CLOUD_COMPUTING_PLATFORM",
        "SAASDB_CATEGORY_CONTENT_MANAGEMENT",
        "SAASDB_CATEGORY_COLLABORATION",
        "SAASDB_CATEGORY_HOSTING_SERVICES",
        "SAASDB_CATEGORY_IT_SERVICES",
        "SAASDB_CATEGORY_MARKETING",
        "SAASDB_CATEGORY_WEBMAIL",
        "SAASDB_CATEGORY_SECURITY",
        "SAASDB_CATEGORY_FORUMS",
        "SAASDB_CATEGORY_ONLINE_MEETINGS",
        "SAASDB_CATEGORY_COMMUNICATIONS",
        "SAASDB_CATEGORY_WEB_ANALYTICS",
        "SAASDB_CATEGORY_ADVERTISING",
        "SAASDB_CATEGORY_WEBSITE_MONITORING",
        "SAASDB_CATEGORY_CONTENT_SHARING",
        "SAASDB_CATEGORY_BUSINESS_INTELLIGENCE"
    )

    do {
        $applist = Get-MCASDiscoveredApp -Skip $count
        $count += $applist.count   ##applies the list count to the specific count itself.
        foreach ($app in $applist) {   ##for each application inside the list of 100
            if ($categories -contains $app.category) {   ##filters on application category
                ##checks and sees if the application has been used by anyone in the organization in the last 14 days.
                if (($app.lastUsed -lt (Get-Date).AddDays(-14).ToString("yyyy-MM-dd")) -and ($app.revised_score_total -lt 5)) {
                    $obj += $app   ##Adds the application and the data from MCAS to the array.
                }
            }
        }
        Start-Sleep -Seconds 6   ##API Connection times out after awhile. This start sleep prevents these issues.
    } while ($applist.count -ge 100)   ##Do While loop while there still apps to be pulled

    $obj | Export-CSV -Path "C:\Script\apps.csv" -Force   ##Exports the list to an apps csv

Pretty much, the script runs and looks for applications that haven't been used in the last two weeks. If your parser and ADATP logs are constantly up to date, you should definitely have a good list of risky applications to block on your environment. If you have any questions, feel free to post below.

Cloud Discovery - No Users showing up
Hi everyone, I’m using CloudApp Security with a Cisco ASA and Firepower logs being sent to the MCAS. I also have Azure ATP deployed and working. My question: in CloudApp, under Cloud Discovery, the dashboard, Discovered App and IP Address dashboards are all populated but NOTHING under users. What data feeds populate the users dashboard under Cloud Discovery?
Solved

Recording of Cloud App Security Intro Webinar
Thanks to those of you who joined our introductory webinar for Microsoft Cloud App Security. For those who couldn't make it, you can find the recording at https://youtu.be/dUoicG0Hc-o. Also, thanks to Sebastien Molendijk for an informative presentation. If you'd like to ensure you're notified of future calls, please join our community using the instructions at https://aka.ms/SecurityCommunity.

We are unable to see the discovered apps dashboard details in MCAS console
Hello Everyone, Trust you are all safe and well during this pandemic. Can somebody please help me to understand why data is not reflecting in the below dashboard? 1. Is there any plan to enhance the UI functionalities from MS side and is this part of it? Looking forward to knowing this. Thank you, Kind regards, Maheswara.

Meet the Cloud App Security team at Ignite!
Are you attending Microsoft Ignite in Orlando later this month and would like to meet the Microsoft Cloud App Security Engineering team 1:1? Send me a PM via Tech Community and we'll set up some time during the event to discuss all the product questions you may have!
1.5K Views, 2 likes, 0 Comments

Assess GPDR readiness with Microsoft Cloud App Security
Microsoft Cloud App Security now provides new risk assessment capabilities to help you determine if the cloud apps and services used across your organization are compliant with GDPR requirements! Read about all the details in our latest blog post on the https://cloudblogs.microsoft.com/enterprisemobility/2018/05/30/assess-gpdr-readiness-with-microsoft-cloud-app-security/. On May 25, 2018 the European Union’s (EU) https://ec.europa.eu/info/law/law-topic/data-protection_en (GDPR) went into effect. The GDPR imposes new rules on organizations that offer goods and services to EU citizens, or that collect and analyze data tied to EU residents, regardless of where the businesses are located. It establishes strict privacy requirements, governing how you manage and protect personal data, while respecting individual choice – no matter where data is sent, processed, or stored.
1.9K Views, 2 likes, 0 Comments

Dropbox controls for individually created accounts
Hi, The customer that I am working with has a number of users who have created "personal" Dropbox accounts. They were created using their organisation's email address, i.e. @contoso.com. This was perfect shadow IT, as OneDrive wasn't rolled out at the time so the users found their own solution. Is there a way to bring them under MCAS management or migrate them to a business Dropbox account and thus MCAS managed from there? I understand that the second question is probably more of a Dropbox question. Dropbox accounts are actively used by these accounts, so like everything in I.T., the ideal solution would be invisible to the users. Any help or guidance is appreciated. Martin
Solved

Trying to understand the difference cloud app security
Hello, I am trying to understand the difference between adding an application to "cloud app security" by searching "Cloud Discovery" for the app and selecting "Use with conditional access app control" vs. creating a CA policy for the app and selecting "Use conditional Access App control"?

Autht cloud app security
Hello, I have set up an authentication context and published it to CA policies. The Authentication Context name is "trusted device". I created the CA policy per below. When I log into the application from a non trusted device, and do a copy and or paste, I should be getting prompted from cloud app security to step up authentication, but I don't. Any help is greatly appreciated. In cloud app security I created a session policy, category = "Compliance". Below are the settings
Solved