Cloud App Security

Welcome! You can use this site to give feedback directly to our engineering teams that build the security products you rely on. You can suggest features or design changes, and vote on suggestions others have made. If you would like to further engage our engineering teams, please join our Security Community by visiting https://aka.ms/SecurityCommunity.

To learn more about Microsoft Cloud App Security or try it out, visit the product page.

  1. The ability to apply JIT on a VM to an Azure Firewall while both resources are residing in different subscriptions.

    We are using a Hub and Spoke architecture, because of some customer requirements we have different subscriptions for our Hub and Spokes.

    HubSubscription
    In this subscription we have our Azure Firewall and this firewall has public IP's assigned to it.

    SpokeSubscription
    In this subscription we have a VM, we enable JIT on this VM, this VM has no NSG, now have deployed UDR to route all traffic to our Azure Firewall.

    Above Subscriptions both have their own vNET and they are peered together in combination with UDR to provide connectivity.

    We would like to use JIT from the VM in…

    29 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a partner  ·  Flag idea as inappropriate…  ·  Admin →
  2. MCAS policy session alert should provide upload destination or URL

    MCAS policy session alert should provide upload destination (URL) so that we can determine the intended destination/location of the upload. For example is it to a US Sharepoint or EU.

    From a GDPR perspective we can then block the upload/transfer of personal data outside the EU and EEA areas when the AIP label classification is GDPR.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  3. Reference for REST API

    There are lot of information that you could get from REST API in MCAS.
    However, it is hard for user to understand the meaning of the fields by themselves since there is no reference for the fields.
    Therefore, it would be really great if the information of fields are added to the current API documentation.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am an employee of Microsoft  ·  Flag idea as inappropriate…  ·  Admin →
  4. Display MAC address

    Since the IP address is dynamically distributed, the terminal cannot be accurately identified by the IP address. I want to be able to display the MAC address.

    22 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  5. Disable app connector by customer

    It would be very nice if you could disable app connector by yourself.

    20 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  I am an employee of Microsoft  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add new filter option "last-modified-by-user" to file policies in MCAS

    We would like to have a new filter option added to file policies in MCAS such that we could filter on the "last modifying user" of a file / document.

    Today this can be done using activity policies but it's not possible with file policies unfortunately.

    Our use case is as follows:
    Most of our documents within O365 are not labeled with AIP labels and we're trying to change that. We'd like to scan these files with MCAS for sensitive content and then in case a particular keyword is found automatically apply the AIP label and notify the "last modifying…

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  7. Session control policy, Cut/Copy allow a defined number or characters to be copied.

    Hello, would it be possible to allow a defined number of characters to be copied to the clipboard using a session control policy. Currently you can only allow or block. Users rely heavily on the clipboard, blocking it altogether significantly hampers user adoption or this technology.

    Allowing 40 or 80 or 100 characters would improve usability without compromising security.

    Thank you

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  8. MCAS

    This is for MCAS.

    1) Analyst should be able to assign the alerts to their name ,so that other analyst can see who had assigned that alert.
    2)Analyst should be able to add comments to the alert ,currently an alert can be added only while resolving or dismissing an Alert.

    Regards,
    Dhirendra

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  9. Extended File Metadata Support

    Cloud App security does not currently support the extended file metadata that is saved to a file when it is stored on a SharePoint Online document library. This would be hugely beneficial with applying File policies to existing SharePoint libraries that make use of custom selection properties for files.

    34 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  10. Conditional Access App Control for Windows Virtual Desktop

    Windows Virtual Desktop (WVD) is not supported for CAAC now. I'd like to be supported to make environments more secure. Thank you.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  11. Modify a specification of impersonated activity detection.

    As for impersonated activity detection on Cloud App Security, there is one strange operation as follows.


    1. When a team is created on Microsoft Teams, Office 365 Groups with mailbox and email address are generated automatically.

    2. If a general user posts something on its team, the posting will be saved in the Office 365 Groups mailbox with the Office 365 Groups email address.

    3. It is the user who posted. On the other hand, it is the Office 365 Groups email address that saved the post in the mailbox. Therefore, it is detected as an impersonated activity and an alert is triggered.
    31 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  12. Better SharePoint filters

    SHarepoint filtering is very limtied. I cannot for instance filter on a site and subsites, or a site collection. If i wanted to apply a HIGHLY RESTRICTED AIP Label to a site collection that was Highly secure or restricted, I would have to parse and loop though all folders within the document libraries within a site and any subsites manually.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am an employee of Microsoft  ·  Flag idea as inappropriate…  ·  Admin →
  13. allow suspension of accounts to work with on prem ad

    Currently this is the case
    If your Azure Active Directory is set to automatically sync with the users in your Active Directory on-premises environment the settings in the on-premises environment override the Azure AD settings and use of the Suspend user governance action is reverted.
    For people with on prem AD this is actually useless and provides no security for our data. The solution would be allow to block sign-ins still and where this attribute was set by cloud app security not allow AD sync to override it. Without this capability there is no protection for on prem AD customers.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  14. Overwrite existing labels using MCAS AIP integration

    We would like the ability to overwrite existing AIP labels using MCAS automatic AIP integration. A use case would be to replace a less-restrictive label with a more restrictive one upon upload/download.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allows users to be assigned to alerts, and be able to leave comments on alerts

    I would like me and my team to be able to either assign alerts in MCAS to a security team member or allows some type of comments/notes for an alert to help track progress when investigating this alert, instead of using outside tools to track the progress.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  16. Configuration for outdated user agents

    It would be beneficial to be able to configure what user agents are considered outdated, in terms of how outdated it is. For example, raise an alert if the user agent is outdated for 3 months.
    While it's ideal to have the latest browser versions, it's not always possible.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  17. There are two "App Connectors" items on health state of CAS..

    We can check health state of CAS on bellow.
    https://status.cloudappsecurity.com/

    You can see two "App connectors" items on US2 data center. If there are any differences between them, we need explanation. Or it supposed to be fixed if it's a careless mistake.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am an employee of Microsoft  ·  Flag idea as inappropriate…  ·  Admin →
  18. Show Health State graphically as a Government Data Center

    We can check health state on the website bellow.
    https://status.cloudappsecurity.com/

    There is a difference between "Gov US1" and others. I understand there are more strict requirement for the government data center. But if all data center's state will be shown graphically as gov one, user can see much easier and faster.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am an employee of Microsoft  ·  Flag idea as inappropriate…  ·  Admin →
  19. Want more details about health state of CAS

    Actually we have status site of CAS already.
    https://status.cloudappsecurity.com/

    But, there are no explanations about those items. (There is Docs, but not enough to be honest.)
    https://docs.microsoft.com/en-us/cloud-app-security/troubleshooting-status

    CAS users must be happy if there is a website that explain about it.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am an employee of Microsoft  ·  Flag idea as inappropriate…  ·  Admin →
  20. Provide the ability for MCAS alerts to call a webhook

    Policies in MCAS can currently send an email alert but for people using chatops, the ability to send the alert via a webhook would be very useful.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6 7 8
  • Don't see your idea?

Feedback and Knowledge Base