Cloud App Security

Welcome! You can use this site to give feedback directly to our engineering teams that build the security products you rely on. You can suggest features or design changes, and vote on suggestions others have made. If you would like to further engage our engineering teams, please join our Security Community by visiting https://aka.ms/SecurityCommunity.

To learn more about Microsoft Cloud App Security or try it out, visit the product page.

How can we improve Cloud App Security?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. MSSP Integration and more

    MSSPs should be able to alter or add additional permissions to the partner portal relative to accessing additional items - like cloud app security. It is a setting somewhere and likely in the azure portal already, but we do not have the ability to modify. This applies to not only just Cloud App Security, but also other security and compliance sections that we are blocked from accessing.

    Complete integration - We should be able to manage it from a single portal - not multiple. We should see an alert and signature, but the data itself should remain segregated on a…

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      1 comment  ·  I am a partner  ·  Flag idea as inappropriate…  ·  Admin →
    • Create filters for default anomaly detection policies

      We would like to have the option of applying filters to default anomaly detection policies or have the ability to create custom policies that can have anomaly detection's applied.

      eg. a "Activity from infrequent country" policy could be applied to users from domain.com but not sub.domain.com.

      The idea behind this is to reduce white noise for a domain we are not concerned about

      2 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
      • change of severity of policy

        Be able to change the severity in policies that are by default. For example: the impossible travel policy has an average severity and for most organizations, it should have a high severity.

        2 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  I am a partner  ·  Flag idea as inappropriate…  ·  Admin →
        • Layer MCAS Policies

          We'd like to be able to spawn notifications if several policies are triggered by the same user within a time-frame. For instance, we'd like to be alerted if a user trips off "Activity from infrequent country" AND THEN sets up "Suspicious mail forwarding" or conducts "Unusual file deletion activity"

          4 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
          • Add flexibility in policy alert criteria time frame

            Currently when configuring policies such as "new app discovery", you can only set an alert to fire based on daily usage statistics like upload/download/users, etc. We would appreciate flexibility in the time frame for these alerts -- i.e., setting thresholds based on weekly or monthly usage as well.

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
            • MCAS reports/export has formatting issue

              MCAS reports/export has formatting issue, with Notepad, Excel, parsers, etc.
              I know that this is not a CR LF only a LF, the issue is that the LF are causing formatting issue with Notepad, Excel, parsers, etc. I know that normal parsers use CR LF for next line. This is a visibility issue. We need an option of an export without LF’s in it. And only CR LF for a next line.

              The visibility issue on reports/export from MCAS has formatting issue with Notepad, Excel, parsers, etc makes it hard to view the reports/export and Especially on sorting the data.

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
              • Mcas to correlate discovery missing Information from Mcas data on O365/azure access.

                Mcas to correlate discovery missing Information from Mcas data on O365/azure access. We understand that some syslogs lack user information, we would like Mcas to correlate this from Mcas data O365/azure access. Some level of cross referencing is needed to make the syslogs collected useful. Such a time stamp correlation between O365/azure access and page accessing from internal IP’s.

                MCAS Discovery lack user information. We need this to understand the MCAS Discovery data/reports.

                1 vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
                • File Filter - Globbing

                  When filtering on file activity I would like to filter based on parent folder. I want to know events based on the files currently in the folder, but also any new files that are added (and the fact they were added). Currently you can only specify individual files.

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
                  • Override admin roles from Azure AD and Office 365

                    As a company administrator I would like to be able to limit access to Cloud App Security for Azure AD or Office 365 based roles. Currently permissions can only be added - not restricted.

                    As an example an AAD based security reader has currently clearly more access to sensitive information in Cloud App Security than in Azure AD.

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
                    • Oracle Apps?

                      Hey team: Are Oracle apps on the roadmap to be added to Cloud App Security? Also, can a custom API be set within CASBY to allow Oracle monitoring and policy deployment?

                      2 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  I am an employee of Microsoft  ·  Flag idea as inappropriate…  ·  Admin →
                      • rss

                        Can you come up with a way to alert partners/clients about upcoming changes to the CAS service? Maybe allow us to subscribe to an RSS feed or something similar on this page https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/9121453-access-file-server-on-on-premises-network ? We need to know about updates to the service ASAP since we have some downstream MSP processes built on feeds from CAS. Thanks!

                        2 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  I am a partner  ·  Flag idea as inappropriate…  ·  Admin →
                        • Extra fields displayed in CAS notifications. EG. "Country logged in from" for infrequent country alerts

                          We would like better customisation available to us when it comes to the CAS alert emails.

                          Using the "Activity from infrequent country" and "Impossible Travel Activity" notifications as an example, it would be good if we could add fields to these emails so that we don't always have to login to check them.
                          We have an office in Sri Lanka and an office in Australia, so having people login from either country is common, and we get false positives on these alerts quite regularly. Especially "Impossible Travel Activity" in that situation.

                          If "Impossible Travel Activity" email alerts showed the two…

                          2 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
                          • Like AWS, you need a service to watch the logs and notify you and/or take corrective action if they fail or degrade as it impacts others

                            Like AWS, you need a service to watch the activity logs and notify you and/or take corrective action if they fail or degrade as it impacts so many other services.

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
                            • Cloud App Security DeDup Alerts

                              We have created an alert in CAS that alerts us when there is a logon from certain countries as we have found that these tend more than not to be compromised accounts. When creating this alert we chose to have it alert on a single activity. We want to know every single time this happens so we can act upon these and suspend the accounts as quickly as possible.

                              The issue that we have run into is that in a very short time we will get tons of alerts from the same user as the malicious actor logs on many…

                              9 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                1 comment  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
                              • False Positive Impersonated user alert

                                Whenever a user sends an email with from address of the shared mailbox for which he/she has a "send on behalf" permission for that particularly shared mailbox, then the MCAS alert us this activity as the impersonated user activity.

                                This is very confusing and makes it difficult to understand which is the real impersonation and which are not.

                                To avoid this, MCAS must be able to identify the user's privileges on different mailboxes in the exchange online and act accordingly.

                                2 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
                                • Ability to provide admin consent for SaaS applications in CAS portal

                                  I would like to see the ability to provide admin consent for SaaS application directly within the CAS portal. Perhaps just by clicking the accept button a REST call will approve all the needed consent for the application.

                                  Instead of having to do this...
                                  https://blog.peterdahl.net/2018/05/14/azure-ad-v2-apps-vs-the-brick-wall/

                                  /Peter

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Add Cloud App Security Admin Portal to AAD Conditional Access list of available Applications

                                    Add Cloud App Security Admin Portal to AAD Conditional Access list of available Applications

                                    2 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      1 comment  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Hard limit to export only 5000 records under activity log is killing CAS..Can you remove the limitation?

                                      We have a problem, CAS was able to fetch the logs based on the filter we had we had a policy created with the condition/filter we have). But the Hard limit to export only 5000 records under activity log did not help us. Can you remove the limitation?

                                      CAS could have solved a major security problem in our environment if there wasn't a limit to export logs. To be honest, End of the day it was just useless...again just because of the limitation.

                                      6 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        1 comment  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Suppress / Acknowledge Alerts

                                        We get frequent notifications for travel to infrequent country alerts, but there doesn't seem to be any way to suppress these alerts. It would be nice to be able to tag the user for "legitimate travel" and suppress the alert until after their trip / PTO was scheduled to end. what would be even better would be if CAS could query the user's Exchange calendar and see if an existing OOF reply was set and alert perhaps as informational instead of a warning. It seems like a lot of the information to figure this out more intelligently is already there,…

                                        14 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          1 comment  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →

                                          Hi Dustin,

                                          Thanks for the feedback.
                                          We are looking into different options to gather more information and to intelligently determine if the user is currently “Working normally”, “Working limitedly” when the user is on a business trip for example, “on vacation”, etc.

                                          Let us know if you have additional idea or thoughts around this topic.

                                          We will keep you updated.

                                        • Need to be able to alert on creation of hidden rules in Exchange

                                          There is currently a way to alert on the creation of new rules in O365/Exchange, but if a hidden rule is created by a malicious individual, those types of instances are not picked up by any rules/policies available. Please enable the ability to find these types of events within the logs and alert on them.

                                          3 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            2 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3
                                          • Don't see your idea?

                                          Feedback and Knowledge Base