With OCAS, you get a much-reduced selection and it’s largely USA-centric PII. With MCAS, for example, you get complete access to Microsoft’s sensitive info types engine which recognises types of information such as passport numbers or even Azure Storage Keys. The session controls you get via Conditional Access App Control are also not as complete as they with MCAS, even for Office 365 applications. You’ll find information about traffic (up and down), associated users, and IP addresses. Logs come from sources such as your firewall appliance or W3C logs. This is part of CAS’s discovery feature set you get in CAD, discussed earlier. If you manually upload logs to an OCAS snapshot report, you can also gain some insight into your third (and first) party cloud usage. Or if a user starts uploading files with file types associated with ransomware, confirm them as compromised. For example, if a user performances an impersonated activity on an unmanaged device, suspend them. Additionally, you can apply governance actions for when activities match.You can also use this for potential malware detection. You can then create an activity policy to alert if these activities occur by certain user criteria, file, IP, device type. For example, you filter to view the activities you are interested in. From the activity log filter, you can create activity policies based on the results of that filter.Recommendation reports for improving your Azure posture, such as audit settings, access to storage accounts, NSG port access, etc.Centralise reporting in a service such as Sentinel.SIEM connections for your Office 365 alerts.Review details of things such as identity events (attempted logins, password resets, etc), and SharePoint list + file events (downloaded, edited, deleted, etc).For example, block the download or cut/copy/paste/print of sensitive information. Lets you impose rules on web-based access to Office 365 services.Again, third-party integration requires full MCAS. I’ve listed these below and note they are all limited to Office 365 or Azure. OCAS lacks some of the advanced features of MCAS such as third party support, anomaly detection, policy settings, and AIP integration, but does have some compelling capabilities for securing your Microsoft 365 estate. This was previously called Office 365 Advanced Security Management and renamed at Ignite 2017 to better represent the relationship with its big brother MCAS. If you have Office 365 E5, your plan includes Office 365 Cloud App Security (OCAS) (not Microsoft Cloud App Security). As the name suggests, with CAD you get the discovery toolkit of MCAS, but nothing else. This is a limited subset of MCAS that lets you manually or automatically upload logs to review cloud usage by your users. If you have Azure AD Premium P1, you get Microsoft Cloud App Security Discovery (CAD). What else is available in lesser subscriptions? Of course, every penny’s a prisoner, and you don’t want to pay any more than you do already. In all cases, you’d need to make sure it includes or you also get a license for Azure AD Premium for the reverse proxy benefits, delivered via Conditional Access App Control. It’s included in Microsoft 365 E5 and numerous other licensing subsets, including EMS E5, E5 Security (an add-on for Microsoft 365 E3), Information Protection & Governance, or standalone. MCAS started life as Adallom prior to Microsoft’s acquisition of that company in 2015. It includes tools such as reverse proxying to control sessions and sits inside the Microsoft Threat Protection stack alongside Defender ATP, Office 365 ATP, and Azure ATP. Microsoft Cloud App Security (MCAS), Redmond’s cloud app security broker (CASB) offering, is a powerful tool for investigating and pro-actively controlling your SaaS estate.
0 Comments
Leave a Reply. |