MCAS Webinar Recordings
Below are the links to the recordings of the MCAS webinar sessions (registration here: https://aka.ms/MCASWebinar). The links are the same ones used to join the webinar, which is why we can post them before the webinars have taken place. NOTE: We are currently experiencing a problem with many of these recordings. The links that do not work have been temporarily removed until the problem is resolved. We are working to resolve the problem as quickly as we can. Thanks for your patience. If you were unable to join us live, but have questions about something covered in the webinar, you can ask them at https://aka.ms/MCASQandA, or, as always, feel free to make a post on this MCAS Tech Community group with your question. To ensure you hear about future MCAS webinars and other developments, make sure you've joined out community by going to https://aka.ms/SecurityCommunity. We hope you'll join us!CAS Playbook Now Available
We’re excited to release the CAS playbook: http://aka.ms/mcaspoc It will guide you through the process of setting up CAS, both in a proof of concept environment, and in production. It will help you configure it throughout your deployment, using simple step-by-step instructions. Enjoy!MCAS Deployment Webinar Series
Want to learn how to deploy Microsoft Cloud App Security (MCAS)? Our webinar series will walk you through it: https://aka.ms/MCASWebinar The series will be hosted by our engineering team on Tuesdays (3:00 pm ET / 12:00 PM PT) and Thursdays (10:00 AM GMT) between March 12th and April 18th. The topics covered in this series are: 1) Use Microsoft Cloud App Security to protect your sensitive information anywhere in the cloud. 2) Leverage state of the art threat detection capabilities to quickly detect and remediate threats across your cloud apps. 3) Monitor and control user actions across your cloud apps in real-time using Conditional Access App Control. 4) Discover the use of Shadow IT in your organization, evaluate the risks and start managing them. 5) Stay protected across all your apps, by connecting 3rd party applications. 6) Simplify your SecOps' life by automating security workflows with Cloud App Security and Microsoft Flow. We hope you'll join us!Let's automate! Check out our latest blog post on the new integration of MCAS and MS Flow
MCAS now integrates with MS Flow to provide centralized alert automation and orchestration of custom workflows for 1st party and more than 100 3rd party connectors! Read the full blog post for use cases and all the details!MCAS Webinar Q&A
Many people have registered for our webinar (https://aka.ms/MCASWebinar). We're thrilled to see such interest, but it also means we'll likely get a large volume of questions on the call, and it may not be possible to respond to every one in real time. We will do our best to get your question answered directly on the call, and we'll have several dedicated team members just to respond to the questions; however, I wanted to provide an additional mechanism for any questions we're unable to get to. This post will be used for any questions that didn't get addressed on the call. We'll be reviewing the transcript of questions after the call and we'll post answers here. This may take a day or two, so please check back soon. If you were unable to attend the call, note that you can find the recordings here: https://aka.ms/MCASRecordings. Feel free to reply to this post with any questions you have.
MCAS [Activity Policy] Log on from an outdated browser - current Teams client triggers alert
TLDR: Microsoft Teams client triggers 'Log on from an outdated browser' alert policy After enabling the MCAS - Activity Policy - 'Log on from an outdated browser' our current up-to-date desktop Teams client triggers the alert. I spent quite some time with the user discussing their configuration and thankfully a colleague correlated the 'Sign-in Logs' from the AAD blade and we could see the below 'User Agent's from the same workstation: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.4.00.22472 Chrome/85.0.4183.121 Electron/10.4.3 Safari/537.36 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 The latest production release of Teams is 'Teams/1.4.00.22472' and it is evidently running Chrome/85.0.4183.121 (Chromium) in the back end which is flagged in the 'User agent tags' of the alert as 'Outdated browser'. The default template should exempt this use case. Knowing the above I've attempted to add an additional filter 'User Agent String' and 'does not contain' 'Teams' - this has no affect on the results leaving me with the suspicion that the full user agent string as above is not passed through. If this is the case then why is it an available filter? It would be great to see this addressed or advice on what I've missed to get this working. Thanks
Allow only Outlook desktop app to exchange online
Hi all, We our looking for ways to get more control for accessing Exchange online from a BYOD device. No user can connect from Windows and MacOS with any type of client. Is it possible with MCAS to block all other mail desktop clients and only allow Outlook desktop? Can this be done with MCAS? or do I need another Microsoft 365 solution? Thanks for the help and information kind regard's Finn
