TagSecurity & Compliance

S for Security in EMS – Cloud App Security

Last but not least in my blog post series “S for Security in EMS” is about Microsoft Cloud App Security!

Microsoft Cloud App Security is a CASB (Cloud access security broker) service delivered by Microsoft that will give you several features to protect your data, users and cloud services. MCAS is giving you a great insight on

  • Shadow IT visibility
  • Cloud applications usage
  • Notifications when users take advantage of new Cloud applications
  • Dive into specific applications, users or ip addresses

Microsot Cloud App Security comes in two editions – Microsoft Cloud App Security and Office 365 Cloud App Security

To see differences in features have a look at docs.microsoft.com here

With both editions you can easily upload your firewall logs to MCAS and get a analysis on what users are using of Cloud applications from your office network or you can configure reverse proxy features with Conditional Access and MCAS giving you great insight on what applications users are using with Azure AD integration and files shared across other services outside of Office 365.

When creating a new snapshot report (aka firewall log upload) the data goes through several steps like file parsing, data analysis and then the report is created.

This is a sample on how the report could look like and what can be discovered.

Note that here you see Open Alerts on Cloud applications users are using, how many GB of data is being uploaded to what applications and much more!

Next up you also get som pritty nice alerting out of the box.

There is 26 enabled policies that will govern your environment looking for leaked credentials, multiple failed logons, imposible travel and much more

Take a look here at some alerts on imposible travel

The alert gives us rich information on IP addresses, country, what service is used and witch user are affected. A great tool to investigate a account breach!

Some of the policies available

That in mind!

Microsoft Cloud App Security or Office 365 Cloud App Security is a greate tool to use within your organization!

S for Security in EMS – Overview
Part 1 – S for Security in EMS – Azure AD Premium
Part 2 – S for Security in EMS – Information Protection
Part 3 – S for Security in EMS – Microsoft Intune
Part 4 – S for Security in EMS – Advanced Threat Analytics
Part 5 – S for Security in EMS – Cloud App Security

AIP is deprecated, move to Unified labels now!

At 06.01.2020 Microsoft released the deprication notice for Azure Information Protection client and Label management in the Azure portal. The service is deprecated as of March 31, 2021.

The notice is telling us that within 15 months you all need to migrate all your labels from AIP in the Azure portal over to the new Unified label experience within Office 365 portals.

You find the new label management in several places;

So heres a easy pointer on how to migrate you labels from Azure Information Protection to Unified labels within Office 365.

Navigate to portal.azure.com and head into the Azure Information Protection pane.

From there click on “Unified Labeling” in the left menu and acitvate it.

When this is done you can start using the Unified labeling clients and stop rolling out the classic Azure Information Protection client.

Please keep in mind that you need to have a specific version of Office applications installed on your machine or phone.

  • Windows Desktop – 1910 or higher
  • Mac Desktop – 16.21 or higher
  • iOS mobile – 2.21 or higher
  • Android mobile – 16.0.11231 or higher

For the licensing part here is the license requirement to use Sensitivity labels.

  • Microsoft 365 E3 or above
  • Office 365 E3 or above
  • Azure Information Protection P1

For more advanced use like Automated labeling with sensitivity labels you need to go to E5

  • Microsoft 365 E5
  • Office 365 E5
  • Azure Information Protection P2

© 2020 IdefixWiki

Theme by Anders NorénUp ↑