MS Cloud App Security vs. O365 Cloud App Security
Hello everyone! I've found it simple to find and compare the differences between O365 Cloud App Security and Microsoft Cloud App Security (i.e. CASB), but fail to see why anyone would sign up for the O365 version, other than simplicity of integration, when the CASB version seems to do everything that it does and more, FORROUGHLY THE SAME PRICE e.g. around $3.50 pp pa. It says in the MS CAS CASB documentation that it's included with the E5 version of EMS (Enterprise Mobility + Security), but that you can buy it as astand-alone product as well. So why would you need to buy the O365 version?? Am I correct in this observation? Can anyone offer any advice? Thank youUsing MCAS to block file upload to SharePoint Online based on (external) file property?
Hi, With MCAS (by file policy or by Conditional Access App Control), would it be possible to act on single file if specific file property matches search criteria? E.g. if any value in multivalued property "Tags" in Office file matches "testtag01" or if any value in multivalued property "Keywords" in PDF file matches "testtag01". I've tried with O365 DLP, but with traditional Office 365 DLP issue is that those properties are not indexed in SharePoint search index by default and therefore DLP wont detect those.
File or Access policy to restrict file downloads
Hello, We have multiple web applications that are built to be accessible outside of our corporate network. Some of the important features are to be able to generate PDFs and print. Is there a way to setup file or access policies that will restrict file downloads and temporary files to be only saved to corporate OneDrive or SharePoint? This is possible on Office Web Applications and Intune using MAM. Can this be done for Custom applications using MCAS?
Microsoft Cloud App Security Session Policy For .PDF Viewing
Currently we have a session policy in Microsoft Cloud App Security that blocks all file downloads while using Outlook Web which still allows attachment viewing. This works great for all Office documents however .PDF attachments cannot be viewed because they perform a download when previewing them. The only workaround is allow .PDF attachment downloads only. Will there be any future enhancements in MCAS that will allow .PDF viewing while still blocking downloads? Previewing or printing PDF files may be blocked This is normal behavior when you have a policy configured to block downloads. Occasionally when previewing or printing PDF files, apps initiate a download of the file causing Cloud App Security to intervene to ensure the download is blocked and that data is not leaked from your environment. If you would like to allow PDF file downloads, you can exclude PDF files based on their file extension in the relevant session policy.
Restricting access to 'anonymous' Teams Meetings in other tenants for specific users
We utilize the M365 IP service to let users in our firewall access to M365 services, including Teams. We use tenant restrictions in our firewall to ensure they are only connecting to our tenant, with AAD certificate auth & MFA using CA. However, because teams is on the network whitelist - meeting invitations from other tenants can be sent and joined anonymously - providing a pathway to exfiltrate data from an otherwise secure endpoint. Our only solution is to hard block the URLs involved in Teams - but we would like these higher security users to use Teams with Information Barriers - but can't allow them to get these meeting invites to other organizations uncontrollably. This would be a great CAS feature, to identify anonymous teams meetings and allow for alerts or restriction.
