Cloud App Security

Welcome! You can use this site to give feedback directly to our engineering teams that build the security products you rely on. You can suggest features or design changes, and vote on suggestions others have made. If you would like to further engage our engineering teams, please join our Security Community by visiting https://aka.ms/SecurityCommunity.

To learn more about Microsoft Cloud App Security or try it out, visit the product page.

How can we improve Cloud App Security?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Modify a specification of impersonated activity detection.

    As for impersonated activity detection on Cloud App Security, there is one strange operation as follows.

    1. When a team is created on Microsoft Teams, Office 365 Groups with mailbox and email address are generated automatically.
    2. If a general user posts something on its team, the posting will be saved in the Office 365 Groups mailbox with the Office 365 Groups email address.
    3. It is the user who posted. On the other hand, it is the Office 365 Groups email address that saved the post in the mailbox. Therefore, it is detected as an impersonated activity and an…

    17 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  2. Activity Policy - Ability to Filter Location by City and/or State

    For activity policies, we would like to see the ability to filter by location using city and/or state metadata; not just by country. For example, when scanning for all US based activities (actions/logins), we receive alerts all US based ISP's. I can utilize categories or tags to create lists of known trusted corporate IP addresses, but when employees log in from home, hot spots, airports, etc.…we end up with 1000’s of potential false positives. If I could filter based on city, that would help eliminate triggering governance for 1000’s of false positives. For now, I am stuck only looking for…

    5 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a partner  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add file filter to show all files "quarantined from" a particular folder.

    Would be great if we could leverage the existing data that is presented in the "Quarantined From" file path to create/add a file filter that would easily filter to all files that were once in that folder but were administratively quarantined. This way, if a user needs me to restore an entire folders worth of files, I could apply that filter and bulk restore all the results since they were all "Quarantined From" the same folder.

    3 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  4. About the health of Cloud App Security

    We are looking for items that can confirm the health of Cloud App Security.
    For example, We think that it is useful if there is an item such as Azure that can check the health if the log is not output or the output is delayed.

    https://azure.microsoft.com/en-us/status/

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add Slack as a connected app.

    Would assist with visibility of user activity on Slack. Other CAS solution already have this integration.

    3 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add Support for Ubiquiti UniFi Security Gateways

    I would love to see support for Ubiquiti UniFi Security Gateway (firewall) products.

    49 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  I am a partner  ·  Flag idea as inappropriate…  ·  Admin →
  7. Provide some documentation on the details of what the "Enable File Monitoring" setting does.

    There is no documentation on what the "Enable File Monitoring" setting does. It would be helpful to understand the details of what this setting does.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  8. create a connector status backlog table

    the number of connectors is fairly limited; but you allow suggested connectors - but no list of what is in the backlog of connector that will be made available.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  9. Extend Data Inspection services to Bahrain ID's

    As i being a customer in Bahrain,
    the current available classification information is not extended to Bahrain Government ID's

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  10. Layer MCAS Policies

    We'd like to be able to spawn notifications if several policies are triggered by the same user within a time-frame. For instance, we'd like to be alerted if a user trips off "Activity from infrequent country" AND THEN sets up "Suspicious mail forwarding" or conducts "Unusual file deletion activity"

    8 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add the Enable/Disable functionality in the Edit Policy screen.

    Right now you can enable/disable MCAS Policies in the Control -> Policies view - where you click on the button the right.
    The title of the policy has a [Disabled] appended to the displayname.

    It would be great if the enabled/disabled was visible and selectable once you have opened the actual policy.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a partner  ·  Flag idea as inappropriate…  ·  Admin →
  12. Multi-tenant support for App Connectors like Office 365 and Azure

    I have a customers which have lots of tenants and they would like to aggregate all the security logging into the same centralized MCAS solution. But since it doesn't seem to be possible today they are pulling all the logs down on-premises for further analysis in their own SIEM.

    I can really see the need for this functionality since many organisations buy other companies and end up with more tenants. If they are going to be able to keep control over the ever increasing security boundary they are forced to download all the logs to their local SIEM.

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a partner  ·  Flag idea as inappropriate…  ·  Admin →
  13. box other emails as Target

    Customer case: We need to map the "mail" attribute from Active Directory to "other emails" attribute in Box, so that users can use their email address from AD as an Email in Box. The issue is that the “Other Emails” attribute from Box is not available to be mapped. After selecting “Add New Mapping” option, we are able to select “mail” as Source attribute, but we cannot select “Other Emails” as Target attribute. User 1 sends a request to user 2 using anything other than their UPN then box will attempt to create a personal account rather than identifying user…

    3 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am an employee of Microsoft  ·  Flag idea as inappropriate…  ·  Admin →
  14. Delete API Integrations no Longer Needed

    We would like to be able to delete the API integrations in the console to keep a clean state. As of today you can only disable them. Also, being able to delete all their information from the CAS console is ideal as the API is no longer needed.

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  15. Connect another Azure subscription

    We were looking the option to see/connect another Azure Subscription but there is no option under SaaS applications

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a partner  ·  Flag idea as inappropriate…  ·  Admin →
  16. upload from Session Border Controllers

    Since Microsoft Teams have introduced Direct Routing with On premise Session Border Controllers, can we have option to upload "syslogs" from Audio codes, Ribbon and other SBC's

    I tried to upload syslogs and it says format is not valid

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a partner  ·  Flag idea as inappropriate…  ·  Admin →
  17. Oracle Apps?

    Hey team: Are Oracle apps on the roadmap to be added to Cloud App Security? Also, can a custom API be set within CASBY to allow Oracle monitoring and policy deployment?

    5 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  I am an employee of Microsoft  ·  Flag idea as inappropriate…  ·  Admin →
  18. Suppress / Acknowledge Alerts

    We get frequent notifications for travel to infrequent country alerts, but there doesn't seem to be any way to suppress these alerts. It would be nice to be able to tag the user for "legitimate travel" and suppress the alert until after their trip / PTO was scheduled to end. what would be even better would be if CAS could query the user's Exchange calendar and see if an existing OOF reply was set and alert perhaps as informational instead of a warning. It seems like a lot of the information to figure this out more intelligently is already there,…

    19 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
    under review  ·  Niv Goldenberg responded

    Hi Dustin,

    Thanks for the feedback.
    We are looking into different options to gather more information and to intelligently determine if the user is currently “Working normally”, “Working limitedly” when the user is on a business trip for example, “on vacation”, etc.

    Let us know if you have additional idea or thoughts around this topic.

    We will keep you updated.

  19. Create filters for default anomaly detection policies

    We would like to have the option of applying filters to default anomaly detection policies or have the ability to create custom policies that can have anomaly detection's applied.

    eg. a "Activity from infrequent country" policy could be applied to users from domain.com but not sub.domain.com.

    The idea behind this is to reduce white noise for a domain we are not concerned about

    3 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  20. Cloud App Security DeDup Alerts

    We have created an alert in CAS that alerts us when there is a logon from certain countries as we have found that these tend more than not to be compromised accounts. When creating this alert we chose to have it alert on a single activity. We want to know every single time this happens so we can act upon these and suspend the accounts as quickly as possible.

    The issue that we have run into is that in a very short time we will get tons of alerts from the same user as the malicious actor logs on many…

    10 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4
  • Don't see your idea?

Feedback and Knowledge Base