Cloud App Security

Welcome! You can use this site to give feedback directly to our engineering teams that build the security products you rely on. You can suggest features or design changes, and vote on suggestions others have made. If you would like to further engage our engineering teams, please join our Security Community by visiting https://aka.ms/SecurityCommunity.

To learn more about Microsoft Cloud App Security or try it out, visit the product page.

  1. Extended File Metadata Support

    Cloud App security does not currently support the extended file metadata that is saved to a file when it is stored on a SharePoint Online document library. This would be hugely beneficial with applying File policies to existing SharePoint libraries that make use of custom selection properties for files.

    30 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  2. Modify a specification of impersonated activity detection.

    As for impersonated activity detection on Cloud App Security, there is one strange operation as follows.

    1. When a team is created on Microsoft Teams, Office 365 Groups with mailbox and email address are generated automatically.
    2. If a general user posts something on its team, the posting will be saved in the Office 365 Groups mailbox with the Office 365 Groups email address.
    3. It is the user who posted. On the other hand, it is the Office 365 Groups email address that saved the post in the mailbox. Therefore, it is detected as an impersonated activity and an…

    25 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  3. File Policy

    As a cloud security specialist, I would like to create two policies.

    1. Anyone who share sensitive info like (ssn,credit card,bank info and financial data) to public,private or internal it should trigger to concern admin to take action or auto governance (One exception : This policy should applicable to all but not for specific group like HR)

    2. From only HR team, who share sensitive info like (ssn,credit card,bank info and financial data) to public,private or internal it should trigger to concern admin to take action or auto governance (One exception : This policy should applicable only for specific group…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  4. allow suspension of accounts to work with on prem ad

    Currently this is the case
    If your Azure Active Directory is set to automatically sync with the users in your Active Directory on-premises environment the settings in the on-premises environment override the Azure AD settings and use of the Suspend user governance action is reverted.
    For people with on prem AD this is actually useless and provides no security for our data. The solution would be allow to block sign-ins still and where this attribute was set by cloud app security not allow AD sync to override it. Without this capability there is no protection for on prem AD customers.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  5. Extend for Citrix NetScaler

    Extend for Citrix NetScaler (ADC) Application delivery controller

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  6. Ability to detect MFA

    Detect MFA, And output an alert if MFA is not performed.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am an employee of Microsoft  ·  Flag idea as inappropriate…  ·  Admin →
  7. Scope for Malware detection policy

    We would like to have the option to customize "Malware detection" policy to scope the apps.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am an employee of Microsoft  ·  Flag idea as inappropriate…  ·  Admin →
  8. Configuration for outdated user agents

    It would be beneficial to be able to configure what user agents are considered outdated, in terms of how outdated it is. For example, raise an alert if the user agent is outdated for 3 months.
    While it's ideal to have the latest browser versions, it's not always possible.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  9. I would like to be able to trigger an action, such as reset password, based on a Leaked Credentials alert.

    Trigger actions in Flow based on a Leaked Credential alert. Currently this functionality is possible in AAD Identity Protection but is not a Flow trigger.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  10. Ability to use variables in notification messages

    It would be nice to be able to use variables in notification messages to make them a bit more meaning full e.g.

    Hi %Owner%,
    Contoso has detected you have saved the file %file name%, this file contains sensitive personal information to %app%.

    The following actions have been taken to protect this information

    - File has been made private
    - Any shares with users external to GA have been removed.

    Regards
    Contoso

    This would offer users more meaningful messages and could reduce the amount of policies required as One policy could be used for multiple apps.
    The other option would be…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a partner  ·  Flag idea as inappropriate…  ·  Admin →
  11. mngluigtp;vulflc

    ljhukto87ul

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a partner  ·  Flag idea as inappropriate…  ·  Admin →
  12. I want to search the activity log that contains a specific string in the file name.

    I want to search the activity log that contains a specific string in the file name.
    For example, you want to search for activities that contain "secret" in the file name, and list the most recently accessed activities of highly sensitive files.
    The current scheme only allows forward, backward, and exact matches of filenames.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  13. Keep VM Log Collector

    I notice that the Log Collector VM appliance has been deprecated.

    I would argue to continue supporting it as not every environment makes sense to use docker. E.g. My on-prem services mostly cannot be dockerized. Either it won't work as a container or it is unsupported/license violation.

    I don't want to have to stand up docker and take on the overhead of maintaining it just to run a log collector.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  14. Governance Actions on Stale Files Shared Externally

    The suggested query "Stale files shared externally" seemed like a good idea to make a policy with governance actions on. We wanted to remove external user permissions on files that haven't been accessed after a period of time. The policy worked, but with some adverse effects.

    For one, if the external user permissions are inherited (like from a parent folder), it is removing the user from the whole folder permissions, instead of just a file. In a folder with many files, it's pretty likely that there are some files not currently being worked on and will trigger this removal.

    Also,…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  15. Unsupported devices should not be able to bypass Cloud App Security!

    We had a POC 3 months ago (in June). During this POC we came to the conclusion that unsupported devices and plattforms will be blocked as well (which was fine and expected). Currently, mobile apps (such as Teams for Android) which do not support e.g. certificate based authentication are able to login without having to provide such a certificate during the login. This is a high security risk! And it was working 3 months back in time. Please revert these changes!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a partner  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add MCAS reporting to PowerBI

    Management needs to be informed about the effects, results and actions taken via MCAS during the past month. Please add a reporting template to support this governance process.
    In addition, it would be nice to have this available as a content pack for PowerBI.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a partner  ·  Flag idea as inappropriate…  ·  Admin →
  17. Activity Policy - Ability to Filter Location by City and/or State

    For activity policies, we would like to see the ability to filter by location using city and/or state metadata; not just by country. For example, when scanning for all US based activities (actions/logins), we receive alerts all US based ISP's. I can utilize categories or tags to create lists of known trusted corporate IP addresses, but when employees log in from home, hot spots, airports, etc.…we end up with 1000’s of potential false positives. If I could filter based on city, that would help eliminate triggering governance for 1000’s of false positives. For now, I am stuck only looking for…

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a partner  ·  Flag idea as inappropriate…  ·  Admin →
  18. Protect old format office and non-Office files

    Currently, it is possible to label Office files by using MCAS. but old format office and non- office files can not be labeled and protected.
    We'd like to label or protect any files by using MCAS.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am an employee of Microsoft  ·  Flag idea as inappropriate…  ·  Admin →
  19. NetDocuments Support

    Add support for NetDocuments. This would be huge for legal firms.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am a customer  ·  Flag idea as inappropriate…  ·  Admin →
  20. Ability re-label on Sharepoint Online files

    Currently, MCAS is not able to re-label files on SharePoint Online.
    We'd like to re-label and override protection label on SharePoint Online.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  I am an employee of Microsoft  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6
  • Don't see your idea?

Feedback and Knowledge Base