--- Sjoerd Hooft's InFormation Technology ---
WIKI Disclaimer: As with most other things on the Internet, the content on this wiki is not supported. It was contributed by me and is published “as is”. It has worked for me, and might work for you.
Also note that any view or statement expressed anywhere on this site is strictly mine and not the opinions or views of my employer.



Cloud App Security

Cloud App Security is included in the EMS E5 license and gives good insight into what is going on in your Office 365 cloud environment: which third-party apps users have granted access to company data, which files are shared outside the company, and which activities trigger alerts.

Getting Started

The portal can be reached from the Office 365 admin portal: https://portal.office.com → Admin centers → Cloud App Security. This redirects you to a tenant-specific URL such as https://COMPANY.portal.cloudappsecurity.com. You can also open the portal directly at https://portal.cloudappsecurity.com

Access

All global admins have access to the Cloud App Security portal. You can also give people the Security Reader directory role in https://portal.azure.com → Users → select the user → Directory role. Finally, you can grant users access inside the Cloud App Security portal itself: Settings → Manage admin access. The two built-in roles differ as follows:

  • Global Admin: full access to Cloud App Security. These admins can add other admins, add policies and settings, upload logs and perform governance actions.
  • Security Reader: read-only access, but can manage (dismiss and resolve) alerts.

OAuth Apps

You can use Cloud App Security to get an overview of all apps that users have authorized (through OAuth consent) to access company data:

  • Go to Investigate → OAuth apps

Manage App Registration

By default, users can register apps themselves and consent to apps accessing company data on their behalf. You can disable both with these two settings in the Azure portal:

  • Azure Active Directory → Users → User settings → App registrations → No
  • Azure Active Directory → Enterprise applications → User settings → Users can consent to apps accessing company data on their behalf → No

Note that turning these off does not revoke consents users have already given; existing apps keep their access until you block them or remove the users (see below).
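The same two tenant-wide settings can be read and changed from PowerShell, which is handy for checking that nobody has switched them back on. This is an added example, not code from the wiki page; it assumes the MSOnline PowerShell module is installed and that you sign in with Connect-MsolService as a global admin.

```powershell
# Added example (not from the wiki page): check and disable user app registration and
# user consent with the MSOnline module instead of the Azure portal.
# Assumption: MSOnline module installed; Connect-MsolService prompts for global admin credentials.
Connect-MsolService

# Current state. Both settings are True (the weak, default-tenant setting) unless changed.
# UsersPermissionToCreateLOBAppsEnabled  = "Users can register applications"
# UsersPermissionToUserConsentToAppEnabled = "Users can consent to apps accessing company data"
$before = Get-MsolCompanyInformation |
    Select-Object UsersPermissionToCreateLOBAppsEnabled, UsersPermissionToUserConsentToAppEnabled
Write-Host 'Before:'
$before | Format-List

# Corrected setting: both off, matching "App registrations -> No" and
# "Users can consent to apps ... -> No" in the portal steps above.
Set-MsolCompanySettings -UsersPermissionToCreateLOBAppsEnabled $false `
                        -UsersPermissionToUserConsentToAppEnabled $false

# Verify; fail loudly if the change did not stick.
$after = Get-MsolCompanyInformation
if ($after.UsersPermissionToCreateLOBAppsEnabled -or $after.UsersPermissionToUserConsentToAppEnabled) {
    throw 'Tenant still allows user app registration or user consent'
}
Write-Host 'After: user app registration and user consent are disabled'
```

Running only the first half (Get-MsolCompanyInformation) is a cheap periodic check; a tenant where either value has drifted back to True is one where users can again grant third-party apps access to mail and files without an admin seeing it first.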

Manage Registered Apps

Once apps have been registered and consented to, you can approve or block them in the Cloud App Security portal:

  • Select the app in the Manage OAuth apps overview
  • Approve or Block the app on the right-hand side of the screen

Remove Individual User

You can also remove a single user's access to an app, which is convenient if you don't want to block the app for the entire company in one click. This takes two steps: configure the app to require user assignment (only once per app) and then remove the individual users.

Enterprise App - User assignment required

  • Go to Azure Active Directory → Enterprise Applications and select the application
  • Go to properties → User assignment required → YES

Enterprise App - Remove User access

  • Go to Azure Active Directory → Enterprise Applications and select the application
  • Go to Users and Groups and select the user. Click Remove.

It might take up to an hour for the setting to take effect (measured when testing); after that the user gets a notification that the application is no longer available. The delay is expected: user assignment is checked when a token is issued, so an access token the app already holds stays valid until it expires (one hour by default), and only the next token request is refused.
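The two portal steps above, plus the clean-up a practitioner usually wants alongside them (removing the user's consent grant and cutting the app's ability to silently renew tokens), done with the AzureAD PowerShell module. This is an added example and not code from the wiki page; it assumes the AzureAD module is installed, that you are signed in with Connect-AzureAD as an admin, and the app display name and user principal name are placeholders.

```powershell
# Added example (not from the wiki page): remove one user's access to one enterprise app.
# Assumptions: AzureAD module installed, Connect-AzureAD succeeds as an admin; the app name
# and UPN below are placeholders.
$AppDisplayName    = 'Contoso Expense Tool'   # placeholder
$UserPrincipalName = 'alice@contoso.com'      # placeholder

Connect-AzureAD | Out-Null

# An "enterprise application" is the app's service principal in the tenant,
# not the app registration.
$sp = Get-AzureADServicePrincipal -Filter "displayName eq '$AppDisplayName'"
if (-not $sp) { throw "No enterprise application named '$AppDisplayName'" }
$user = Get-AzureADUser -ObjectId $UserPrincipalName

# Step 1 (once per app): Properties -> User assignment required -> Yes.
# Without this, every user in the tenant can sign in to the app regardless of assignments.
Set-AzureADServicePrincipal -ObjectId $sp.ObjectId -AppRoleAssignmentRequired $true

# Step 2: Users and groups -> select user -> Remove.
# A user can hold several assignments (one per app role), so remove all of them.
$assignments = Get-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId -All $true |
    Where-Object { $_.PrincipalId -eq $user.ObjectId }
foreach ($a in $assignments) {
    Remove-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId -AppRoleAssignmentId $a.ObjectId
    Write-Host "Removed assignment $($a.ObjectId) for $UserPrincipalName"
}

# Step 3 (not part of the portal steps): revoke the delegated consent the user gave this app.
# ConsentType 'Principal' marks per-user consent; 'AllPrincipals' would be an admin consent
# for everyone, which you do not want to remove for a single user.
Get-AzureADOAuth2PermissionGrant -All $true |
    Where-Object {
        $_.ClientId -eq $sp.ObjectId -and
        $_.ConsentType -eq 'Principal' -and
        $_.PrincipalId -eq $user.ObjectId
    } |
    ForEach-Object {
        Remove-AzureADOAuth2PermissionGrant -ObjectId $_.ObjectId
        Write-Host "Removed consent grant with scope '$($_.Scope)'"
    }

# Step 4: invalidate the user's refresh tokens so the app cannot silently get a new access
# token. Caveat: this revokes ALL of the user's refresh tokens (every app, every device), and
# access tokens already issued remain valid until they expire (about an hour by default),
# which is the delay observed above.
Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId
```

Steps 1 and 2 reproduce the portal procedure; steps 3 and 4 are the extra clean-up. Without step 3 the app still shows up under the user's consented apps and could be re-assigned with its old scopes intact; without step 4 a refresh token the app already holds keeps working until it is used against the now-required assignment, and step 4 will also log the user out of other sessions, so warn them first.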

Overview Shared Data with External Guests

To get an overview of data that is publicly shared or shared with external guests:

  • Go to Investigate → Files
  • Set Access level as appropriate, for example External

If you need to unshare files, you can do so from the same view:

  • Select the files by clicking the document icon in front of the filename
  • Three vertical dots appear at the top; click them
  • Select Make private

Alerts

Go to the Alerts dashboard to view the open alerts. If required, you can receive these alerts by email through your own admin settings: go to your profile → User settings → Notifications (note that your account needs a valid email address).

Policies

Alerts are triggered by policies. Microsoft maintains a set of default policies; you can set up your own policies as well, or modify the default ones. To do so:

  • Go to Control → Policies
  • Select the policy you want to modify
    • You can change the scope to include or exclude specific users
    • Or configure the alerts to be sent to a specific mailbox (Alerts → Send alert as email → enter the email address)
    • Or set a governance action to notify or suspend the user (Governance → Notify user / Suspend user)

Resources

o365cloudappsecurity.txt · Last modified: 2021/09/24 00:25 (external edit)