In recent years, I have written 20+ Cloud App Security (MCAS) related blog posts but never touched deeply on Access Policies. Blocking access to the cloud environment can be done efficiently with other methods, such as Conditional Access policies, and use cases for MCAS Access Policies are rare, but there are a few interesting ones.

The typical organization I have worked with uses MCAS for cloud security monitoring & governance purposes. There are a lot of cool features underneath the hood which are not widely known or used:

- Cloud Discovery aka Shadow IT Management
- Microsoft Defender for Identity integration
- Microsoft Defender for Endpoint integration
- MCAS offers a way to detect use cases that are not possible to detect with other products:
  - Monitor Elevate Access Activity in Azure with Azure Sentinel – Sam's Corner
  - Auditing Azure AD Diagnostics Setting Changes – Sam's Corner

MCAS has a wide range of policy categories available out of the box; a reference list of policy templates is found here. Even though the possibilities of leveraging policies are almost endless, it's important to be aware of MCAS limitations when working with access & session policies. As most of you already know, MCAS is built mainly for protecting browser-based applications in terms of Access & Session policies. For example, session policies don't support mobile & desktop apps. The following statement is in Microsoft documentation regarding session and access control policies:

> Session and access controls can be applied to any interactive single sign-on, using the SAML 2.0 authentication protocol or, if you are using Azure AD, the Open ID Connect authentication protocol as well. Furthermore, if your apps are configured with Azure AD, you can also apply these controls to apps hosted on-premises configured with the Azure AD App Proxy. In addition, access controls can be applied to native mobile and desktop client apps.

Native clients' interactive sign-on can be seen in MCAS, but when they are acquiring a refresh token it's not visible in MCAS. There is an exception for this: you can request from MS Support that non-interactive sign-ins be shown in your activity log (I learned this one in one of my earlier MCAS cases). The downside is that it might lead to a huge number of false positive alerts.

Let's take a look at how access policies could be used in combination with Azure AD Conditional Access & MCAS. Most of the access blocking scenarios can typically be achieved with Azure AD Conditional Access, which has more granularity for configurations, but in certain use cases MCAS can do the trick. Also, keep in mind that especially traffic from risky networks based on Microsoft Threat Intelligence data is also detected with Azure AD Identity Protection (IPC). It means that even though you would have an MCAS access policy in place, the access will be blocked by IPC before it reaches MCAS.

- IPC deep dive – Azure AD Identity Protection Deep Diver – Part 2 – Sam's Corner

Pre-Requisites for Access Policies

- Azure AD Premium P1 license, or the license required by your identity provider (IdP) solution.
- The relevant apps should be deployed with Conditional Access App Control – example policy below targeted for the Office 365 App.

Block Access from the 'Risky Network' category: the category is based on Microsoft Threat Intelligence data. In the specific category there are, at the time of writing, three (3) ranges available and one of them also contains Tor networks. If you want to block access to certain applications with MCAS, it's possible by creating an Access policy and targeting it at the wanted category.

Risky networks contains the following categories (screenshot in the original post):

Be careful when using the category as a block mechanism. I have seen in many environments that legit connections are considered anonymous proxy connections. In such environments, if the category were used as a block mechanism, those connections would be blocked. In this alert the category was used as a detection mechanism. A tag can be used to limit the block scope, for example, blocking access only from 'Tor networks'.
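To make the trade-off concrete, here is an added example (my own toy model, not MCAS code or its real activity schema) that evaluates constructed sign-ins against an access policy scoped to the whole Risky category versus one narrowed to the Tor tag, with IPC evaluated before the MCAS policy. The record fields, policy fields, tag strings and user names are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SignIn:                 # constructed record, not the real MCAS activity schema
    user: str
    category: str             # IP category, e.g. "Risky" or "Corporate"
    tags: frozenset           # IP tags from threat intelligence, e.g. {"Tor"}
    ipc_risk: str             # sign-in risk as Identity Protection would score it
    legit: bool               # ground truth, used only to count false positives

@dataclass(frozen=True)
class AccessPolicy:           # hypothetical policy shape for the example
    name: str
    action: str = "test"      # "test" = alert only, "block" = deny access
    category: str = None      # scope the filter to a whole category ...
    tag: str = None           # ... or narrow it to a single tag
    def matches(self, s):
        if self.tag is not None:
            return self.tag in s.tags
        return s.category == self.category

def evaluate(signins, policy, ipc_blocks_high_risk=True):
    """Outcome per user: 'ipc_block', 'mcas_block', 'alert' or 'allow'.
    IPC is evaluated first, so a high-risk sign-in never reaches the MCAS policy."""
    outcome = {}
    for s in signins:
        if ipc_blocks_high_risk and s.ipc_risk == "high":
            outcome[s.user] = "ipc_block"
        elif policy.matches(s):
            outcome[s.user] = "mcas_block" if policy.action == "block" else "alert"
        else:
            outcome[s.user] = "allow"
    return outcome

def false_positive_blocks(signins, outcome):
    """Legitimate users that the MCAS policy itself denied."""
    return sorted(s.user for s in signins if s.legit and outcome[s.user] == "mcas_block")

SAMPLE = [  # constructed sign-ins; bob is a legit user behind an ISP NAT tagged as a proxy
    SignIn("alice", "Corporate", frozenset(), "low", True),
    SignIn("bob", "Risky", frozenset({"Anonymous proxy"}), "low", True),
    SignIn("carol", "Risky", frozenset({"Tor"}), "medium", False),
    SignIn("dave", "Risky", frozenset({"Tor"}), "high", False),
]
BLOCK_CATEGORY = AccessPolicy("block whole Risky category", "block", category="Risky")
BLOCK_TOR_TAG = AccessPolicy("block Tor tag only", "block", tag="Tor")
DETECT_CATEGORY = AccessPolicy("alert on Risky category", "test", category="Risky")

if __name__ == "__main__":
    for p in (BLOCK_CATEGORY, BLOCK_TOR_TAG, DETECT_CATEGORY):
        o = evaluate(SAMPLE, p)
        print(p.name, o, "false positives:", false_positive_blocks(SAMPLE, o))
```

Running it shows the category-wide block denying the legitimate "bob" while the Tor-scoped block does not, and that "dave" is stopped by IPC before either MCAS policy is consulted.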