App Connectors
65 Topics

MCAS API Connector - Connect GCP - Error: Failed to create sink via Stackdriver Logging API
Hi Everyone, I followed the official Microsoft procedure (Link: https://docs.microsoft.com/en-us/cloud-app-security/connect-google-gcp-to-microsoft-cloud-app-security) to connect GCP to MCAS through the API Connector. Unfortunately, when I try to connect GCP, MCAS reports the following error: Error: Failed to create sink via Stackdriver Logging API. Any suggestions? Is there a way to solve this issue? Thanks in advance. Regards, Vittorio (Security Team Lead)

Access Package Approval automation with our Servicedesk ticketing tool
Hi Team, I am trying to automate all the access package approvals to be logged in our Service desk ticketing tool. Example: When a user requests access, once an approval request triggers from Microsoft it should also log a ticket in our ticketing tool. If the request gets approved, the ticket should log this information and automatically get closed. Our ticketing tool dev team is working on it; however, they are stuck in the middle and looking to extract the necessary webhook information required for triggering actions from the Azure solution. Any input or guidance regarding webhook information supported by the Azure solution would be greatly appreciated and would assist us in progressing with the discussed requirements accordingly. Looking forward to your help to achieve this. Thanks, Garima
7 Views, 0 likes, 0 Comments

GSA client exclamation mark, Forwarding policy doesn't exist in registry
Good day,

Having a difficult time getting Entra Private Access working.

Entra portal
---------------
GSA > Dashboard > Device Status says: 0 have the Global Secure Access Client installed: 0.0%
The client PC is Entra joined and is compliant, the client user has Entra ID Suite Trial license assigned.
Traffic forwarding > Private access is enabled, have Quick Access application configured for SMB access.
User and group assignments is set to a group where the user resides.
Microsoft traffic profile and Internet access profile = disabled (as for now I just want to make the Private access profile working)
Enterprise applications = 1 active
Connectors are online with status active.

Client PC
------
Event log of client PC says the understated:
Error occurred while requesting a new forwarding profile: The SSL connection could not be established, see inner exception.. Request Parameters: Microsoft Entra Device ID: 61ma02-9453-1277-98gz-hkdhksa3d0, Correlation vector: kdfhkshfkashdJ.0, APS URL: http://222.178.203.72:19005/whst/63/=ZorzfknaZkrdbtqdZbbdrrzlhbqnrneszbnl//api/v3/AgentSettings?os=Windows%2010&clientVersion=2.8.45.0. The client will continue working with the existing forwarding profile.

GSA Advanced diagnostics:
Username: empty
Tenant ID: empty
Forwarding profile ID: empty
Client version 2.8.45.0
Health check = is green till Policy server is reachable, after that exclamation mark.

https://aps.globalsecureaccess.microsoft.com/api/v3/AgentSettings?os=Windows%2010&clientVersion=2.8.45.0
If I try the above URL in the browser then I get invalid request; this means that the client is able to reach the server, which means network or DNS issues are unlikely and the SSL handshake is successful, and the certificate is valid.

Need guidance to understand why the client is not able to retrieve profiles. I am using Windows 11. Tried with disabling firewall too.

Thanks!
56 Views, 0 likes, 0 Comments

SCIM provisioning - custom app authentication
Hi, in the documentation for handling endpoint authentication, two methods are given:
1) a "long-lived token" (i.e. a secret key that has to be pasted in-clear by the admin)
2) "Microsoft Entra bearer token" - similar to other services (e.g. callbacks for MS Teams bots), Microsoft sign the outgoing calls, and the app being provisioned can validate them against Microsoft's public keys
To me, option (2) is by far the best - each message is signed individually, there is no manual handling of secrets etc. As said in the documentation - "Apps that use Microsoft Entra ID as an identity provider can validate this Microsoft Entra ID-issued token." - great! So why on earth does it then say "The token generated by the Microsoft Entra ID should only be used for testing. It shouldn't be used in production environments."? Why not? The whole system of Entra bearer tokens is only for test? And production should go back to secret keys, with all the problems they have? It doesn't seem right.. What am I missing here?
88 Views, 7 likes, 0 Comments

Lag in Cloud App Security
Does anyone else notice/experience a lag in the logging within Microsoft Cloud App Security? It's more noticeable with connections to other cloud services, but even processing rules around revoking rights to, for example, files flagged as sensitive seems to take longer than what I would describe as acceptable to process (so more than 30 minutes). As a small team, ideally we would like to trust the reporting and actions that this product generates and takes but it just doesn't seem to be consistent.
1.5K Views, 1 like, 2 Comments

How to get Sharepoint online into Conditional Access app Control
Hello. What are the steps to add SharePoint Online into Conditional Access app Control? When I add a new app then search for SharePoint I get the message below. When I click on the "start wizard" it's asking me for SAML XML data. Is this the proper way to add SharePoint Online to Conditional Access app Control?

Microsoft Entra Internet Access Location Awareness
Hi all, I'm currently evaluating Microsoft Entra Private and Internet Access (with good results until now). By default, the agent is started, meaning that all Internet traffic goes to MS Edge. Is it possible to disable (automatically) the agent based on the location of the computer? Example: if the device is connected to the corporate network, the service needs to be disabled... Another question: does it detect a captive portal in case the device is connected to a "kiosk" network? And finally (for Private Access), is it planned to support LDAP traffic over UDP and more generally UDP?? Regards, HA
448 Views, 0 likes, 0 Comments

Plans for multi instance app connectors to Office 365 and/or Azure?
Hi! Does anyone know if there are any plans for multi-instance support for Office 365 and Azure app connectors? I have a customer that has lots of tenants and they would like to aggregate all the security logging into the same centralized MCAS solution. But since it doesn't seem to be possible today they are pulling all the logs down on-premises for further analysis in their own SIEM. I can really see the need for this functionality since many organisations buy other companies and end up with more tenants. If they are going to be able to keep control over the ever increasing security boundary they are forced to download all the logs to their local SIEM. Thanks in advance!

Create a new user in Power App through register/log-in function
Hi. I am trying to implement the log-in function in Power App. The user should be able to create their own account through Power App and log in again next time since their log-in data will be saved in a database. In this case, I am using Microsoft Entra ID as my database. This is the code of the "Submit" button in my Power App: MicrosoftEntraID.CreateUser(EnableAccountToggle.Value;EMailTextInput.Text; PasswortTextInput.Text). I don't know what is wrong with my code, because when I try to create a new user account from Power App, the data of the new user does not show in my Microsoft Entra ID. I have already connected my app to the Microsoft Entra ID connector. I have not changed anything at all in my Microsoft Entra ID since having an account for it. Do I have to create a group or something in my Microsoft Entra ID? I really appreciate your advice! You can also recommend other data management tools to me or tell me what your experience with them is.
764 Views, 0 likes, 0 Comments

MCAS and Salesforce - Do we need SF shield ?
Hi, We asked Microsoft and Salesforce if the SF shield licenses were a requirement to improve monitoring; neither was able to respond, so I'm reaching out to the community. We have connected our SF instance to MCAS following the available documentation. We had to do some tinkering to bypass having to use a Sysadmin profile. SF shows up as connected and we get the users correlation between Azure/O365/MCAS and SF plus some login/logout events. Now we don't get a lot of data/alerts from Salesforce; will this be improved by adding the extended event monitoring provided by SF shield? Thanks for any experiences and feedback, Robert
Solved