"Access to Microsoft Teams is monitored" - Timesout
Hi all, Could you point me in the right direction here, please. We have MCAS in place mostly for session-based policies, however, when attempting to load Teams, it sits on this page going around until it eventually times out: Seems to impact SharePoint too, but Exchange, OneDrive, etc seem fine. I believe due to this that the Teams and Sharepoint apps aren't showing under Conditional Access app control apps: My conditional access policy is scoped to the 'Office 365' apps. Sometimes the above pages don't appear and it goes through with the session-based policies working fine but it is inconsistent. I'm tested on edge, Chrome, Firefox, etc, the same inconsistent issue is present. MCAS tenant is located in West Europe (EU1)
Uploading Palo Alto firewall logs to MCAS and Sentinel
Hi, I'm investigating the best way to get our Palo Alto firewall logs into MCAS and Sentinel. My present understanding is two different log collector methods would be required in parallel. - MCAS - Log collector running in Docker - Sentinel - Syslog server with the OMA agent installed As the documentation is indicates MCAS processing is every 24 hours, I'm assuming the PA firewall logs cannot be passed over to Sentinel on the MCAS connector. Is it possible to run the docker log collector and the syslog via OMA on the same host if it has a high enough specification to take the load?
No recent status for Office 365 App Connector
Busy playing around with this to see what functionality may be useful in my lab tenant, but I seem to be having issues since yesterday. The Office 365 connector is reporting 'No Recent Status' and 'Test Now' never complete's. I've disabled and re-enabled it, and it shows as connected from 10.20am this morning but still no recent status. Looking at Sources -> Log Collector the last data received is "7/14/20, 12:21 AM" forCloud App Security Proxy. My AccesspolicyI have configured is working, andI've tried creating some sessionpolicy's today thatdon't seem to be working. I have zero events/logs coming throughdespite multiple logins on different test accounts. As for my setup I've configured a conditional access policy in Azure AD to use a custom policy for all users, Auditing in O365 is turned on. I've tried removing and re-adding all sorts of things, including re-licencing users for MCAS but I still don't seem to be getting anywhere? Anyone else came across this, is there a tick box or something I'm missing! Many thanks in advance.MCAS - Log Collector - Configuration Not Sending to MCAS
I'm fairly new to MCAS. Am attempting to get an onPrem log collector (docker) to transmit ASA logs to the log collector in MCAS. However, something is not working. This docker instance is running within a hyper-v 2016 guest (Guest: Windows Server 2019). The source is an ASA 5508 sending syslog (level 6) to the docker instance on TCP 20000. Host firewall inbound rule allows TCP 20000 from the ASA. Within Azure MCAS, it shows the log collector is "Connected" - Warning: No data was received since log collection deployment. Make sure you complete on-premises configuration of your network appliances. From a review of a NetMon network trace, run from the host, we are receiving traffic from the ASA on TCP 20000. Netstat does show the server is listening on TCP 20000. Below is docker run command. Have opened a case with MS, but they claim to be new as MCAS and docker. Any ideas why I'm not getting data? docker run --name ASALogCollector -p 20000:20000/tcp -p 21:21 -p 20001-20099:20001-20099 -e "PUBLICIP='internalhost.acme.com'" -e "PROXY=" -e "SYSLOG=true" -e "CONSOLE=xxxxx.us3.portal.cloudappsecurity.com" -e "COLLECTOR=ASALogCollector" --security-opt apparmor:unconfined --cap-add=SYS_ADMIN --restart unless-stopped -a stdin -i microsoft/caslogcollector starter
Conditional Access app control
I have configured a CA policy to use a custom policy for CA app control. When i navigate to cloud app security and "Conditional Access App Control apps" and add an app, i search for Sharepoint. I then receive the message below. When i click "start wizard" its asking for a metadata file. Does this feature not work with O365 applications like SharePoint and Exchange online ? Also if i navigate to polices in MCAS, click on "Conditional access" and create a new session policy i receive the below message. Its asking me to first create CA app control , but as i previously mentioned its asking me for metadata file, but im trying to protect sharepoint online. Very confused here. https://docs.microsoft.com/en-us/cloud-app-security/proxy-deployment-aad
Question on accessing onprem and cloud applications from Intune BYOD Mobile devices
Hi, My Organization is doing a POC for Intune and have plans to migrate to Intune based BYOD solution. We are trying to find a solution to access on-prem and Cloud based applications from Intune managed browser (Edge or Managed browser) on iOS and Android. My understand is, we can use Azure AD Application Proxy as the solution to access Onprem Applications from mobile devices. Andwe can access Clod Applications using Microsoft Cloud App Security. Few of the cloud application we have to access from mobile devices are Sales force, Service Now, Concur solutions ... I am referring the below link to find details about the MCAS solution. https://docs.microsoft.com/en-us/cloud-app-security/what-is-cloud-app-security#architectureAfter going through the above link and couple of videos, I have below questions. 1. Can you confirm my understanding is correct - Azure AD Application Proxy helps t connect to onprem applications and MCAS is the solution to access Cloud Aplications. 2. Our cloud applications have specific access rules where it allows only access from internal corporate network. Can we still use MCAS to access those cloud applications from mobile devices? If there are any ips to be white-listed on the Cloud applications, can you list them? Our cloud applications are ADFS integrated. 3. If there are any guidelines, deployment documents or diagram which would assist, please share. Note: We have a federated Azure AD environment with fall back to password hash sync.Azure AD Application Proxy
Hi All, I have published on premises apps. User is getting the login page but when they login it's showing error Could Not be resolved because : net: :ERR_NAME_NOT_RESOLVED. I have checked internal URL is working but when i trying to login with external network it's showing above error. Regards, Shubham Kumar Singh
