![]() Therefore, I created this overview to make finding the correct one easier. You’ll notice all of the filters and conditions will be pre-populated for you, so all you’ll need to do is add a name to your policy, select a category to classify your query, include a description (optional), and add any actions that you want to be performed when the policy is triggered.Remembering all the security portals Microsoft offers as part of Azure and Microsoft 365 is hard. We can even take things a step further by turning this query into its own custom policy! To do this, just select the ” + New Policy from search” option below the query. Instead of finding these advanced filters each and every time you want to run this report, MCAS gives you the ability to save a query! To do that, just select the “ Save as” option, name the query, and that’s it! Now when you come into work the next day, you’ll be able to easily find and run that particular query! Since new users are constantly joining the organization, we will want to run this report daily to keep the reports as up-to-date as possible. Advanced threat and data protection for Microsoft Office 365, Google Workspace, and other cloud services. So, in summary, this query is “saying,” find any mobile device with ActiveSync data. To do this, we would need to toggle the Advanced Filters option to On and then select the following filters:Īctivity Type > Equals > ”Log on: OrgIdWsTrust2:process” and “Failed Log On: OrgIdWsTrust2:process” Thanks to MCAS, we’re able to create a custom query that will show us who is using ActiveSync today to properly plan for this change. However, we weren’t entirely sure how many users were leveraging ActiveSync within the environment. Category: Configure, Deploy, Install, Upgrade, Register. To block this, we were going to leverage Conditional Access rules. Logging in to the console of Cloud App Security (TMCAS) Product/Version includes:Cloud App Security, View More. Creating policies allows you to monitor trends and see security threats. Since Exchange ActiveSync is not designed to be used for server-to-server communications in the online environment, the customer wanted to block ActiveSync and instead leverage more modern authentication methods. Prerequisites To complete step one, you browse to the Cloud App Security portal. Microsoft gives you 10 suggested queries to choose from, but in our case, we’re going to create our own! Creating and using the custom queryįor our scenario, I’ll use something we came across with a recent customer, that being ActiveSync. Now that we’re where we need to perform a query, you should see the “ Select a query” option at the top. ![]() ![]() Once there, we’re going to go to the Investigate tab and then select Activity log. One of the great features within MCAS that not many administrators leverage (or even know about) is the ability to save your custom queries! In this blog, we’ll create our own query, and then we’ll highlight how to save the query and even turn that query into its own policy! Let’s get started! Creating a custom query Explore how Microsoft Defender for Cloud, Azure Network Security and Microsoft Defender for Cloud Apps help you strengthen your security posture and defend against threats across your cloud environments. Microsoft Cloud App Security (MCAS) is Microsoft’s Cloud App Security Broker (CASB) solution that provides organizations with simple deployment, centralized management, and innovative automation capabilities. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |