Cloud App Security

Welcome! You can use this site to give feedback directly to our engineering teams that build the security products you rely on. You can suggest features or design changes, and vote on suggestions others have made. If you would like to further engage our engineering teams, please join our Security Community by visiting https://aka.ms/SecurityCommunity.

To learn more about Microsoft Cloud App Security or try it out, visit the product page.

How can we improve Cloud App Security?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Add Support for Ubiquiti UniFi Security Gateways

    I would love to see support for Ubiquiti UniFi Security Gateway (firewall) products.

    32 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      2 comments  ·  I am a partner  ·  Flag idea as inappropriate…  ·  Admin →
    • Multi-tenant support for App Connectors like Office 365 and Azure

      I have a customers which have lots of tenants and they would like to aggregate all the security logging into the same centralized MCAS solution. But since it doesn't seem to be possible today they are pulling all the logs down on-premises for further analysis in their own SIEM.

      I can really see the need for this functionality since many organisations buy other companies and end up with more tenants. If they are going to be able to keep control over the ever increasing security boundary they are forced to download all the logs to their local SIEM.

      2 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  I am a partner  ·  Flag idea as inappropriate…  ·  Admin →
      • box other emails as Target

        Customer case: We need to map the "mail" attribute from Active Directory to "other emails" attribute in Box, so that users can use their email address from AD as an Email in Box. The issue is that the “Other Emails” attribute from Box is not available to be mapped. After selecting “Add New Mapping” option, we are able to select “mail” as Source attribute, but we cannot select “Other Emails” as Target attribute. User 1 sends a request to user 2 using anything other than their UPN then box will attempt to create a personal account rather than identifying user…

        3 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  I am an employee of Microsoft  ·  Flag idea as inappropriate…  ·  Admin →
        • Layer MCAS Policies

          We'd like to be able to spawn notifications if several policies are triggered by the same user within a time-frame. For instance, we'd like to be alerted if a user trips off "Activity from infrequent country" AND THEN sets up "Suspicious mail forwarding" or conducts "Unusual file deletion activity"

          6 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
          • Connect another Azure subscription

            We were looking the option to see/connect another Azure Subscription but there is no option under SaaS applications

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  I am a partner  ·  Flag idea as inappropriate…  ·  Admin →
            • upload from Session Border Controllers

              Since Microsoft Teams have introduced Direct Routing with On premise Session Border Controllers, can we have option to upload "syslogs" from Audio codes, Ribbon and other SBC's

              I tried to upload syslogs and it says format is not valid

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  I am a partner  ·  Flag idea as inappropriate…  ·  Admin →
              • Create filters for default anomaly detection policies

                We would like to have the option of applying filters to default anomaly detection policies or have the ability to create custom policies that can have anomaly detection's applied.

                eg. a "Activity from infrequent country" policy could be applied to users from domain.com but not sub.domain.com.

                The idea behind this is to reduce white noise for a domain we are not concerned about

                3 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
                • Remove SSL 3.0 from the log collector image

                  When the log collector image is running, it advertises support for SSL 3.0 on port 21. My Nessus scan flags this as a High Security alert. This is independent of the Ubuntu container host settings.

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
                  • Oracle Apps?

                    Hey team: Are Oracle apps on the roadmap to be added to Cloud App Security? Also, can a custom API be set within CASBY to allow Oracle monitoring and policy deployment?

                    4 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  I am an employee of Microsoft  ·  Flag idea as inappropriate…  ·  Admin →
                    • Delete API Integrations no Longer Needed

                      We would like to be able to delete the API integrations in the console to keep a clean state. As of today you can only disable them. Also, being able to delete all their information from the CAS console is ideal as the API is no longer needed.

                      1 vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
                      • Expand Dropbox Governance Actions through API

                        Expand governance actions available via API for Dropbox to include suspension of user and quarantine of files.

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
                        • Possibility to exclude some extensions

                          When you are creating CAS rules you have the possibility to filter files that ends with some extension. It would be useful to be able to choose files that not ends with specific extension too.

                          As a scenario, the ransomware rule is searching for known crypto extensions but it will not work for new extensions - if we would have the possibility to exclude known file types (like xlsx, docx, pdfs, etc) we would have chances to spot ransomware (suspicious activity) faster.

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
                          • rss

                            Can you come up with a way to alert partners/clients about upcoming changes to the CAS service? Maybe allow us to subscribe to an RSS feed or something similar on this page https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/9121453-access-file-server-on-on-premises-network ? We need to know about updates to the service ASAP since we have some downstream MSP processes built on feeds from CAS. Thanks!

                            3 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  I am a partner  ·  Flag idea as inappropriate…  ·  Admin →
                            • Hard limit to export only 5000 records under activity log is killing CAS..Can you remove the limitation?

                              We have a problem, CAS was able to fetch the logs based on the filter we had we had a policy created with the condition/filter we have). But the Hard limit to export only 5000 records under activity log did not help us. Can you remove the limitation?

                              CAS could have solved a major security problem in our environment if there wasn't a limit to export logs. To be honest, End of the day it was just useless...again just because of the limitation.

                              7 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                1 comment  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
                              • implement the ability for MCAS to act as a forward filtering web proxy to control web access for end users

                                implement the ability for MCAS to act as a forward web proxy so it can deploy category based filtering, DLP and such. You would eat into zscaler and forcepoint territory and it would be a big win for orgs wanting to do zero trust networks

                                8 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
                                • Consolidate CAS dashboard with other Microsoft security products

                                  Currently, customers must visit a separate dashboard to use each Microsoft security product (e.g., CAS, ATA, ASC, O365 Security). It would be easier if all security products could be used from a single dashboard.

                                  27 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    under review  ·  2 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Add Cloud App Security Admin Portal to AAD Conditional Access list of available Applications

                                    Add Cloud App Security Admin Portal to AAD Conditional Access list of available Applications

                                    2 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      1 comment  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Role Based Access

                                      By default all Global Admins are able to access Cloud App Security this is really bad, we need to handle this by other means. Make it possible to control this with RBAC and Groups.

                                      18 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        under review  ·  1 comment  ·  I am a partner  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Discovery without Proxy/FW

                                        While customers are moving to a Modern Workplace often the proxy and firewall is bypassed, we would need a way to get discovery from machines directly. We actually also would need a way to protect the machines in a proxy manner, we would also be able to block certain categories of web directly on the endpoint.

                                        15 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          under review  ·  3 comments  ·  I am a partner  ·  Flag idea as inappropriate…  ·  Admin →
                                        • 19 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            under review  ·  2 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4
                                          • Don't see your idea?

                                          Feedback and Knowledge Base