![]() ![]() To for instance put the user in quarantine, remove the collaborator or look at the users activities for instance, but this is just an example of policy uses. Now I have some pretty advanced features I can do directly from the alerting pane Now If I go back to the dashboard I can see that I have an alert being triggered after it has scanned the Office365 shares.īingo! “Recent Alerts: File Shared with unauthorized domain” now it was triggered because I have a one drive where I’ve shared something with an external user I hate regex, but they ahve given some good example here how to use the filter policy part –> I can also specify governance rules, which allows me for instance to do automatic quarantine of the user which has done this for instanceīut I just leave it at default and click Create. Now moving down the policy I can also, specify the policy to do content inspection on the files, to search for some specific content in the files. So here I specify which app this policy is going to be aimed at which is OneDrive for Buisness. ![]() I choose a default template which is aimed at sharing data with uauthorized domain So now I wanted to create a policy which showed if some users were sharing any files/folders from OneDrive for Buisness with competitors or excluded domains for instance, so I went into Control –> Policiesįrom there I choose to create new policy based upon file policy. ![]() First I setup a connection with Office365 and the other applications which was pretty easy since I already had a Office365 tenant with my account Now I didn’t have any firewalls I could do log shipping from so I just used the built in app connector to Offiec365 to see how it worked. Now in most cases that might not be enough, for instance an application might not have opened their APIs to dig down into the material, but Cloud app Security can also use uploaded traffic logs from on-premises proxies and firewalls like Palo Alto, Cisco, Forefront and such and also hypervisor, which allows it to collect larger amounts of data and digest it ( Here is a list of supported network devices –> ) Now it can integrate directly to different cloud applications using connectors which leverages the apps API’s to search and identify risks. (Here is the list of supported Cloud Appilcations and API’s ) Another example might just be that an user clicked wrong and shared data with ALL external resources for instance. Up until now, alot of the products in the EMS space have been aimed at controlling the endpoints (Intune), controlling and protecting the data (Azure information protection), and protecting the user (Azure AD) and with Cloud App Security, it is more of controlling the data flow and getting if users are violating rules and creating alerts if they for instance are sharing data with the competitors for instance. As part of the new Microsoft Enterprise Mobility + Security E5 or as a standalone product, Cloud App Security is a new product which deliveres alot of cool functionality.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |