Threat Protection
53 Topics

MacOS / MDATP - MCAS Integration
Currently the MDATP-powered cloud discovery, application blocking and other capabilities are restricted to Windows 10 devices. Does the development roadmap for MDATP and MCAS have the same capabilities in development for Mac? Can we expect feature parity in areas like this as the Mac MDATP platform matures?

MS Cloud App Security vs. O365 Cloud App Security
Hello everyone! I've found it simple to find and compare the differences between O365 Cloud App Security and Microsoft Cloud App Security (i.e. CASB), but fail to see why anyone would sign up for the O365 version, other than simplicity of integration, when the CASB version seems to do everything that it does and more, FOR ROUGHLY THE SAME PRICE, e.g. around $3.50 pp pa. It says in the MS CAS CASB documentation that it's included with the E5 version of EMS (Enterprise Mobility + Security), but that you can buy it as a stand-alone product as well. So why would you need to buy the O365 version?? Am I correct in this observation? Can anyone offer any advice? Thank you

MCAS Malware Scanning
I'm trying to understand the malware scanning capability of MCAS. Other CASB solutions transfer documents and data from SharePoint and OneDrive to their datacenter for malware detection and analysis. Is this also true for MCAS malware detection? From my understanding the check is done on data at rest in O365 and in connected apps. Is that also true for the sandboxing capabilities that were recently announced? https://www.microsoft.com/security/blog/2019/03/14/evolution-microsoft-threat-protection-rsa-edition-2/

Apps seen in Cloud app security but not on firewall
Hi,
According to our Cloud App Security we have a number of apps graded at security level 3-4, so since I have no user info (as the logs come from a Checkpoint firewall and are not that integrated) I decided to look at the firewall. I cannot identify the app concerned at all; how does the Cloud App Security CASB read these apps? Should I just assume it's correct and ask the user if he/she has used this app, but then find they know nothing about them? Can anyone enlighten me?
Steve

Cloud App Security Alerts not in realtime?
Hi folks, we've recently started to leverage Cloud App Security as a component of our Security Operations and, while testing the impossible travel policy with a custom targeted policy for non-typical work locations, we've noticed a significant delay in the alert being shown on the dashboard versus when the event actually occurred. We've seen anything from 90 minutes or worse when we compare the audit logs in O365 and Azure for when our test users logged in from another location to the actual time we receive the email notification from Cloud App Security. While we wait for a response from Cloud App Security support, I thought I might post here and see if anyone is having this same issue.

MCAS Policy Creation
I have noticed an increasing number of accounts being compromised without generating any of the alerts I have configured in the Microsoft Cloud App Security portal (i.e. impossible travel activity). Is there any way to create an alert policy for "Run Command: task MailItemsAccessed" when it happens outside of the US? For example, the activity above would generate an alert because the task MailItemsAccessed occurred in Japan. What would that policy look like in the MCAS portal?

Cloud Discovery - No Users showing up
Hi everyone, I'm using Cloud App Security with Cisco ASA and Firepower logs being sent to MCAS. I also have Azure ATP deployed and working. My question: in Cloud App Security, under Cloud Discovery, the dashboard, Discovered Apps and IP Address dashboards are all populated, but NOTHING under Users. What data feed populates the Users dashboard under Cloud Discovery?

mcas - malware detection policy
Hi all, just wondering whether or not the malware detection policy is just a "detection" policy 🙂 with no remediation or mitigation impact on the related findings. In other words, once the policy finds suspicious files containing malware within SpO or OfB, it only alerts within MCAS, but does nothing more with that file, like moving it to quarantine or similar. Am I right?
Thank you,
Thomas