How to get Sharepoint online into Conditional Access app Control
Hello What are the steps to add sharepoint online into Conditional Access app Control ? When i add a new app then search for Sharepoint i get the message below. When i click on the "start wizard" its asking me for saml xml data. Is this the proper way to add SharePoint online to Conditional Access app Control ?
Configure Palo Alto Panorama for Cloud App Discovery
Below are the steps I've taken to integrate PaloAlto Panorama Traffic logs to Cloud App Discovery. In this setup, multiple PA Firewalls are configured forward their logs to Panorama. Check the Palo Alto guides for how this is setup. Your thoughts and feedback is much appreciated. Follow the Microsoft guide to setup a log collector for MCAS. I've settled with the Docker for Ubuntu on Azure after multiple failed attempts with RHEL 8.1. For Step 3 - On-premises configuration of your network appliances log into Panorama, make sure Context Panorama on the top left is selected. Select the Panorama tab and Server Profiles -> Syslog on the left hand menu. Select Add to create a new Syslog Server Profile Enter a Name for the Profile - i.e. MCAS Log Collector Select Add in the Servers tab and provide the details for the collector server, i.e.:Name: MCAS Server Azure IP: <<Log Collector IP>> Transport: as per your collector config, i.e. TCP Port: as per your collector config, i.e. 601 Format: BSS Facility: LOG_USER Select Ok to save the Syslog Server and Profile. Go to Collector Groups and select the "default" Collector Group. Select the Collector Log Forwarding tab, then the Traffic tab. Select Add and give the Log Setting a name, i.e. MCAS Logs Set filter to All Logs Select Add in the Syslog field and select the MCAS Log Collector. Select Ok, and Ok again, then save and commit your changes. Done. Follow on with Step 4 - Verify the successful deployment in the Cloud App Security portal in the Microsoft guide.File Policy: Change stale externally shared files from modified to created with same parameters
Hello, So I applied a file policy which works great with our organization which is the "Stale externally shared files". This File policy detects any files shared externally that have not been modified for X amount of days. My question is, can I change this modified parameter so that instead of modified, it's created? Here's a screenshot of what I mean.   When I add the Created parameter, it only gives me data ranges instead of by days like in the last modified parameter. Is this a customized parameter that comes with the policy? Can I replicate it with Created? How can I make it so that it can detect any files that were created more than X days, to apply governance actions? Thank you!Cloud app Security client certificate
Hello all, i am following the below article on how to configure cloud app security to work with client certificates. I am currently using the demo cert that is called out in the article . The client cert has been added to the user cert store on the local machine, and the root cert was imported into cloud app security. I have also tagged the device with "Valid client certificate" in endpoint manager, (per below) However when i do a search for all devices with tag - "Valid client certificate" i get back zero results. Need help understanding why cloud app security is not able to discover the device that i previously tagged ? https://docs.microsoft.com/en-us/cloud-app-security/troubleshooting-proxy#client-certificates-are-not-prompting-when-expected
Barracuda Web streaming logs in incorrect format
Hi, We have a Barracuda F-Series Next Gen firewall being used for VPN. I would like to use the web streaming service available in Barracuda to send the log files to MCAS. I've configured a log collector and the files are being received and sent onto MCAS. However the governance log is stating the format is incorrect. I've raised the case with Barracuda as to what the format should be and they have validated that the config from their side looks correct. Has anyone had experience with Barracuda web logs and MCAS setup and could anyone point me to how I can view the the log files being received by MCAS to share with Barracuda? Unfortunatley I dont have an alternate Syslog server to send the files to. Any advice would be appreciated.
A Teams' SharePoint online file activity not logged in MCAS
We have file activity enabled in MCAS. I can filter the activity by SharePoint online and see activity. The file activity, however, for a SharePoint online site connected to a Microsoft Teams is not being captured in MCAS. Changing the app filter to just Microsoft Teams returns no results. Are we missing a configuration setting or is this a defect?
