Cloud App Security
529 Topics

Connecting to multiple Microsoft services with the same session
Hi guys. Working on a script that needs to connect to ExchangeOnlineManagement, TeamsOnlineManagement, SharePointOnlineManagement.... The script will be used across many different tenants, and I also plan to make it publicly available, so 1) I don't really want to pre-configure some complicated key setup and 2) I don't really want to have login pop-ups over and over again... For ExchangeOnline, I learned (accidentally), if I do this:

    $upn = Read-Host -Prompt "input yer wahawha"
    Connect-ExchangeOnline -UserPrincipalName $upn
    Connect-IPPSSession -UserPrincipalName $upn

And log in to MY tenant, I don't get prompted for login. I think likely because my device is Entra-joined, and it's using my Microsoft account. But even if I use a different account, it will only prompt me once - reusing it for the other. This is great, and exactly how I wanted things to flow - but now I'm trying to do Connect-SPOService (SharePoint) and Connect-MicrosoftTeams... and while both of these are part of the tenant, they don't take the -UserPrincipalName param - so I can specify to use the account I'm logged into my PC with.. The end goal is to have this script run with minimal user input. I've SORT OF found a workaround for SharePoint, where I can get the SharePointSite from ExchangeOnline, then modify it a bit and use it as input for Connect-SPOService... but Teams, while it doesn't have the URL param requirement, DOES prompt me to log in again. Is there a way to use the existing session for either of these, like I've done with ExchangeOnline / IPPSSession? We have MFA enabled, though not required from within our company network - but when I try to use Get-Credential, it errors me out because it wants MFA.

14 Views 0 likes 0 Comments

MCAS API Connector - Connect GCP - Error: Failed to create sink via Stackdriver Logging API
Hi Everyone, I followed the official Microsoft procedure (Link: https://docs.microsoft.com/en-us/cloud-app-security/connect-google-gcp-to-microsoft-cloud-app-security) to connect GCP to MCAS through the API Connector. Unfortunately, when I try to connect GCP, MCAS reports the following error: Error: Failed to create sink via Stackdriver Logging API. Any suggestions? Is there a way to solve this issue? Thanks in advance. Regards, Vittorio (Security Team Lead)

Lag in Cloud App Security
Does anyone else notice/experience a lag in the logging within Microsoft Cloud App Security? It's more noticeable with connections to other cloud services, but even processing rules around revoking rights to, for example, files flagged as sensitive seems to take longer than what I would describe as acceptable to process (so more than 30 minutes). As a small team, ideally we would like to trust the reporting and actions that this product generates and takes, but it just doesn't seem to be consistent.

1.5K Views 1 like 2 Comments

How to get SharePoint Online into Conditional Access App Control
Hello, what are the steps to add SharePoint Online into Conditional Access App Control? When I add a new app then search for SharePoint, I get the message below. When I click on "Start wizard", it asks me for SAML XML data. Is this the proper way to add SharePoint Online to Conditional Access App Control?

Allow Copy paste only within Office365 in Browser
Hi all, We have a session policy in place to block copy and paste in a browser session, but we would like to allow copy and paste within Office 365 documents in the browser but block outside of Office 365 and non-browser apps. I played around with the settings but can't find the right set of settings. Does anyone have any experience with this? Putting it to: Activity: Paste, App: Does not equal Office 365, does not work. Cheers, Hans

8.9K Views 0 likes 5 Comments

Alert on disabled user
Hi, We received a "Suspicious email deletion activity" alert today for activity "Purge messages from the mailbox: ...". The user account is not allowed to sign in and has no licenses assigned. His MFA is enforced. How could that be? Is it possible that an internal purging process triggered this alert? Thanks.

2.2K Views 0 likes 2 Comments

Failed log on (Failure message: Session information is not sufficient for single-sign-on.)
Hey All, I've recently a few impossible travel alerts in which the anomalous logins had the description "Failed log on (Failure message: Session information is not sufficient for single-sign-on.)". Three of these failed login events were seen but none were from IPs with bad reputation. The error code is 50058 for Office 365 SharePoint Online. Reading the description from https://login.microsoftonline.com/error for the error code, I'm not understanding how this activity would be triggered from an anomalous country without session information being stolen. Could anyone shed any light on this? Thank you

20K Views 0 likes 2 Comments

Session control not blocking multiple file downloads
I am testing out MCAS session control to stop file downloads and am unable to block downloads when more than one file is selected. Here's what I have tested: MCAS Session control is triggered happily by conditional access, and configured to stop downloads from OneDrive to unmanaged devices. In the OneDrive folder, if I select and try to download a single file, it gets blocked as expected. But if I select more than one file and pick the Download option at the top of the page, a ZIP file with all selected documents gets downloaded without issue and does not get blocked. Has anyone seen this as well and got a solution, or is this an issue for Microsoft to resolve? It seems like a glaring hole in the controls if it isn't stopped. A colleague has also tested using the preset "Block downloads" option available in Conditional Access and that suffers the same issue (single file download blocked, multi-file download allowed). I tried adding a second session policy to block download of files with ZIP file extension, but that did not work. (Presumably, the original files are not seen to have a ZIP extension so MCAS lets those pass.)