Questions on Controlling and monitoring Microsoft Teams workloads.
1 Topic
Questions on Controlling and monitoring Microsoft Teams workloads.
Hi Community, One of our customer raised the below queries: Monitoring and enforcement policies (OCAS and MCAS) and differences between the 2 solutions This https://docs.microsoft.com/en-us/cloud-app-security/editions-cloud-app-security-o365 differentiates things, however, partner is looking for the answers for below specific scenarios. Alert for adding GA or adding users to a security role Alert for Adding external guests to Teams sites Alert for adding user for specific group (Like domain admin) 2. Is monitoring Live? If not what is the delay? According to this https://docs.microsoft.com/en-us/cloud-app-security/proxy-intro-aad, Conditional Access App Control enables user app access and sessions to be monitored and controlled in real time based on access and session policies. Are live monitoring control only application based “web access” or include desktop client such as “desktop Teams, desktop outlook app”? 3. When will the enforcement occur following a monitoring alert? How much time? According to this https://docs.microsoft.com/en-us/cloud-app-security/proxy-intro-aad, it uses aa reverse proxy architecture and is uniquely integrated with Azure AD Conditional Access. Azure AD Conditional Access allows you to enforce access controls on your organization’s apps based on certain conditions as soon as the policy is enabled. When will the enforcement occur following a monitoring alert? How much time? (without reverse proxy) 4. Blocking of upload to Teams site and alerting for sensitive data as opposed to other types of documents. They want to create alerts when someone upload or download files in Teams Specific alert if there is sensitive information in the file. 5. Blocking share options for sensitive data According to this https://docs.microsoft.com/en-us/cloud-app-security/best-practices#block-and-protect-download-of-sensitive-data-to-unmanaged-or-risky-devices, they can use MCAS to Block and protect download of sensitive data to unmanaged or risky devices. Can they do it with OCAS? Can it apply only on web app or include desktop app?6. Risky sign in options under OCAS, real time? Alerts? Enforcement? According to this https://docs.microsoft.com/en-us/cloud-app-security/proxy-intro-aad, it Monitor user sessions for compliance, Risky users are monitored when they sign into apps and their actions are logged from within the session. You can investigate and analyze user behavior to understand where, and under what conditions, session policies should be applied in the future. Can it apply only on web app or include desktop app? 7. Alerting and blocking multiple sign in attempts According to this https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy, you can create anomaly policies to get instantaneous behavioral analytics and anomaly detection and then block the appropriate activity. Are all the built-in policies that we can see in the OCAS portal can be applied? 8. Blocking options in Teams/SharePoint for sharing options from internal vs external users Blocking / alert for sharing files based on if the user is external or internal user. 9. Blocking or alerting on user connection to O365 portal/O365 services from outside Israel Block and alert if the connection to O365 portal and O365 services was from other country then Israel. Any pointers would be of great help. Many thanks!Solved3.3KViews0likes2Comments