Wednesday, 27 February 2019

MCAS overview MSIgnite London

Work in progress from MSIgniteTour London
Microsoft Cloud app security brokers (CASB) helps manage Shadow IT, detect high-risk OAuth apps, and control high-risk user sessions in real-time for your Office 365 environment.

  1. Azure AD (AAD)
  2. Threat protection
  3. Information protection 
  4. SaaS e.g. box, SPO, ODfB
Shadow IT discovery:
Log collector uses proxy or proxy logs.  Find apps people are using.  
Can write back to block app usage at the proxy.  See people using dodgy saas apps. Supports script generation for most devices.

OAuth e.g. G-suite, attackers faking to get access to user info.  MCAS has risk score for apps used. Show all usage, correct users access.

O365 apps:
Check all apps against score:

MCAS protects for:
  • Malicious employees
  • Malware & ransomware
  • Rogue applications
  • Compromised accounts

Helps investigate abnormal behaviour.  Alert and highlight concerns.  Gain insight into user activity.
Can take action such as lock account, or req re-login.

File security:
Prevent sensitive info in the cloud, uses MIP Framework that uses AIP. Show public internet available info, only show SaaS services business control.  Can also force governance on 3rd party SaaS such as box

Block download of data:
Conditional access, so user using an unmanaged device, route user thru MCAS.  Can calc risk and decide on how they access e.g., an unmanaged device could for MFA.  Lots of controls, boilerplate web access, block, MFA, ...


Post a Comment