cloud app security
524 Topics

MCAS API Connector - Connect GCP - Error: Failed to create sink via Stackdriver Logging API
Hi Everyone, I followed the official Microsoft procedure (Link: https://docs.microsoft.com/en-us/cloud-app-security/connect-google-gcp-to-microsoft-cloud-app-security) to connect GCP to MCAS through the API Connector. Unfortunately, when I try to connect GCP, MCAS reports the following error: Error: Failed to create sink via Stackdriver Logging API. Any suggestions? Is there a way to solve this issue? Thanks in advance. Regards, Vittorio (Security Team Lead)

Lag in Cloud App Security
Does anyone else notice/experience a lag in the logging within Microsoft Cloud App Security? It's more noticeable with connections to other cloud services, but even processing rules around revoking rights to, for example, files flagged as sensitive seems to take longer than what I would describe as acceptable to process (so more than 30 minutes). As a small team, ideally we would like to trust the reporting and actions that this product generates and takes, but it just doesn't seem to be consistent.
1.5K Views, 1 like, 2 Comments

How to get Sharepoint online into Conditional Access app Control
Hello, what are the steps to add SharePoint Online into Conditional Access App Control? When I add a new app and then search for SharePoint, I get the message below. When I click on "start wizard", it asks me for SAML XML data. Is this the proper way to add SharePoint Online to Conditional Access App Control?

Allow Copy paste only within Office365 in Browser
Hi all, we have a session policy in place to block copy and paste in a browser session, but we would like to allow copy and paste within Office 365 documents in the browser and block it outside of Office 365 and in non-browser apps. I played around with the settings but can't find the right set of settings. Does anyone have any experience with this? Putting it to "Activity: Paste, App: Does not equal Office 365" does not work. Cheers, Hans
8.9K Views, 0 likes, 5 Comments

Alert on disabled user
Hi, we received a "Suspicious email deletion activity" alert today for activity "Purge messages from the mailbox: ...". The user account is not allowed to sign in and has no licenses assigned. His MFA is enforced. How could that be? Is it possible that an internal purging process triggered this alert? Thanks.
2.2K Views, 0 likes, 2 Comments

Failed log on (Failure message: Session information is not sufficient for single-sign-on.)
Hey All, I've recently had a few impossible travel alerts in which the anomalous logins had the description "Failed log on (Failure message: Session information is not sufficient for single-sign-on.)". Three of these failed login events were seen, but none were from IPs with bad reputation. The error code is 50058 for Office 365 SharePoint Online. Reading the description from https://login.microsoftonline.com/error for the error code, I'm not understanding how this activity would be triggered from an anomalous country without session information being stolen. Could anyone shed any light on this? Thank you
20K Views, 0 likes, 2 Comments

Session control not blocking multiple file downloads
I am testing out MCAS session control to stop file downloads and am unable to block downloads when more than one file is selected. Here's what I have tested: MCAS session control is triggered happily by conditional access, and configured to stop downloads from OneDrive to unmanaged devices. In the OneDrive folder, if I select and try to download a single file, it gets blocked as expected. But if I select more than one file and pick the Download option at the top of the page, a ZIP file with all selected documents gets downloaded without issue and does not get blocked. Has anyone seen this as well and got a solution, or is this an issue for Microsoft to resolve? It seems like a glaring hole in the controls if it isn't stopped. A colleague has also tested using the preset "Block downloads" option available in Conditional Access and that suffers the same issue (single file download blocked, multi-file download allowed). I tried adding a second session policy to block download of files with ZIP file extension, but that did not work. (Presumably, the original files are not seen to have a ZIP extension so MCAS lets those pass.)

Plans for multi instance app connectors to Office 365 and/or Azure?
Hi! Anyone know if there are any plans for multi-instance support for Office 365 and Azure app connectors? I have a customer who has lots of tenants and they would like to aggregate all the security logging into the same centralized MCAS solution. But since it doesn't seem to be possible today, they are pulling all the logs down on-premises for further analysis in their own SIEM. I can really see the need for this functionality since many organisations buy other companies and end up with more tenants. If they are going to be able to keep control over the ever-increasing security boundary, they are forced to download all the logs to their local SIEM. Thanks in advance!