Configuring the Cloud App Security Connector in Power Automate

As my love for Cloud App Security and Power Automate grows, I wanted to demonstrate how easy it is to connect the two services together.

Configuring Cloud App Security

Browse to Cloud App Security Dashboard using the following URL

Go to the Settings cog in the top right-hand corner and select Security Extension.

If you have created an API token before in Cloud App Security, you can click “Add Token” or select the blue plus button.

Give your new token a name, then click “Generate”.

This will now create the required token used to integrate Power Automate with Cloud App Security.

Configuring Power Automate

Browse to Cloud App Security Dashboard using the following URL

Go to Data and select Connections

Select New Connection

Scroll down in the Connection list to look for Cloud App Security and click the Blue Plus

Enter your API Key you generated earlier from the Cloud App Security Dashboard and select

You are now able to create alerts using Power Automate, and here is an example of pushing the alerts into Microsoft Teams.

The Author – Blogabout.Cloud

Cloud App Security release 181

Microsoft have just released version 181 of Cloud App Security. In this release we have 1 new item and a name change.

  • New Cloud Discovery Menlo Security log parser
    Cloud App Security Cloud Discovery analyzes a wide range of traffic logs to rank and score apps. Now Cloud Discovery includes a built-in log parser to support the Menlo Security CEF format. For a list of supported log parsers, see Supported firewalls and proxies.
  • Azure Active Directory (AD) Cloud App Discovery name displays in portal
    For Azure AD P1 and P2 licenses, we’ve updated the product name in the portal to Cloud App Discovery. Learn more about Cloud App Discovery.

Deploying Cloud App Security

I have recently been investigating Cloud App Security and how it can benefit organizations that are already paying for this functionality without even knowing it. Do you already pay for any of the following Microsoft licenses?

  • Microsoft Cloud App Security
  • Microsoft Cloud App Security + Enterprise Mobility & Security E3 (EMS E3)
  • Enterprise Mobility & Security E5 (EMS E5)
  • Microsoft 365 E5 Security
  • Microsoft 365 E5
  • Microsoft 365 Education A5
  • Office 365 E5
  • Azure AD Premium 1

If yes, you are licensed to enable Cloud App Security for your organization.

For more information about the licensing requirements, click on the following URL
Starting with Cloud App Security

Cloud App Security – Dashboard

Getting started with Cloud App Security

Log process flow: From raw data to risk assessment

The process of understanding the risk within your organisation from a cloud security perspective starts with the following steps. You can upload data to Cloud App Security, and processing takes between a few minutes and several hours depending on the amount of data processed.

  • Upload – Web traffic logs from your network are uploaded to the portal.
  • Parse – Cloud App Security parses and extracts traffic data from the traffic logs with a dedicated parser for each data source.
  • Analyze – Traffic data is analyzed against the Cloud App Catalog to identify more than 16,000 cloud apps and to assess their risk score. Active users and IP addresses are also identified as part of the analysis.
  • Generate report – A risk assessment report of the data extracted from log files is generated.


Continuous report data is analyzed twice a day.

Supported firewalls and proxies

Cloud App Security supports data uploads from the following firewalls and proxies.

  • Barracuda – Web App Firewall (W3C)
  • Blue Coat Proxy SG – Access log (W3C)
  • Check Point
  • Cisco ASA with FirePOWER
  • Cisco ASA Firewall (For Cisco ASA firewalls, it’s necessary to set the information level to 6)
  • Cisco Cloud Web Security
  • Cisco FWSM
  • Cisco IronPort WSA
  • Cisco Meraki – URLs log
  • Clavister NGFW (Syslog)
  • Digital Arts i-FILTER
  • Forcepoint
  • Fortinet Fortigate
  • iboss Secure Cloud Gateway
  • Juniper SRX
  • Juniper SSG
  • McAfee Secure Web Gateway
  • Microsoft Forefront Threat Management Gateway (W3C)
  • Palo Alto series Firewall
  • Sonicwall (formerly Dell)
  • Sophos SG
  • Sophos XG
  • Sophos Cyberoam
  • Squid (Common)
  • Squid (Native)
  • Stormshield
  • Websense – Web Security Solutions – Investigative detail report (CSV)
  • Websense – Web Security Solutions – Internet activity log (CEF)
  • Zscaler
Create Cloud Discovery snapshot report
Sample Report

Automatic Risk Assessment

Cloud App Security also enables organizations to automatically discover the cloud apps in use via the activity in your firewall logs. This is done via Log Collectors, which allow organizations to upload logs to Cloud App Security. Every log is automatically transferred to the portal; the behaviour differs depending on whether you are using FTP or Syslog.

FTP Uploads

FTP logs are uploaded to Microsoft Cloud App Security after the file has finished the FTP transfer to the Log Collector.

Syslog Uploads

The Log Collector writes the received logs to the disk. The collector then uploads the file to Cloud App Security when the file size is larger than 40 KB.

However, you may want to check that the data being used for automatic upload is in a valid format. Check out this link for more information.
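
The parse and analyze stages of the log process flow, and the format check just mentioned, can be illustrated in Python. This is an added example, not code from the original post or from Cloud App Security: it parses Squid (Native) access-log lines, records the line numbers that do not match the format, and matches the remaining traffic against a small catalog. The log lines, domains, app names and scores are all constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed stand-in for an app catalog: domain -> (app name, score).
CATALOG = {"filedrop.example": ("FileDrop", 3), "chatly.example": ("Chatly", 8)}

# Squid native fields: time elapsed client action/status bytes method URL user hierarchy/peer type
SQUID_NATIVE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<action>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+\S+/\S+\s+\S+$"
)

# Constructed sample lines; the third is deliberately malformed.
SAMPLE_LOG = """\
1588000000.123    210 10.0.0.5 TCP_MISS/200 52344 GET https://app.filedrop.example/upload alice HIER_DIRECT/203.0.113.10 text/html
1588000004.456     95 10.0.0.7 TCP_TUNNEL/200 1200 CONNECT chatly.example:443 bob HIER_DIRECT/203.0.113.20 -
this line is not a squid record
1588000009.789    130 10.0.0.5 TCP_MISS/200 800 GET http://intranet.corp.example/ alice HIER_DIRECT/10.0.0.1 text/html
"""

def host_of(url):
    # CONNECT requests log "host:port"; other methods log a full URL.
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()

def lookup(host):
    for domain, entry in CATALOG.items():
        if host == domain or host.endswith("." + domain):
            return entry
    return None

def discover(log_text):
    """Return (per-app usage, line numbers that failed to parse)."""
    apps = defaultdict(lambda: {"score": None, "bytes": 0, "users": set(), "ips": set()})
    rejected = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = SQUID_NATIVE.match(line.strip())
        if not m:
            rejected.append(lineno)  # not in the expected format
            continue
        entry = lookup(host_of(m["url"]))
        if entry:  # skip hosts that are not in the catalog
            rec = apps[entry[0]]
            rec["score"] = entry[1]
            rec["bytes"] += int(m["bytes"])
            rec["users"].add(m["user"])
            rec["ips"].add(m["client"])
    return dict(apps), rejected
```

Calling `discover(SAMPLE_LOG)` returns the usage per catalogued app together with the list of rejected line numbers, so a non-empty second value is the signal that a log source is not producing the format its parser expects.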

App connectors

App connectors use APIs from cloud app providers to integrate the Cloud App Security cloud with other cloud apps. App connectors extend control and protection. They also give you access to information directly from cloud apps, for Cloud App Security analysis.

To connect an app and extend protection, the app administrator authorizes Cloud App Security to access the app. Then, Cloud App Security queries the app for activity logs, and it scans data, accounts, and cloud content. Cloud App Security can enforce policies, detect threats, and provide governance actions for resolving issues.

So how does this look from the portal?

List of Connected Apps available today

Let's connect Office 365 for the purpose of this post.

Connect Office 365
Select the components you would like to monitor and connect the app

Conditional Access App Control protection

Microsoft Cloud App Security Conditional Access App Control uses reverse proxy architecture to give you the tools you need to have real-time visibility and control over access to and activities performed within your cloud environment. With Conditional Access App Control, you can protect your organization:

  • Avoid data leaks by blocking downloads before they happen
  • Set rules that force data stored in and downloaded from the cloud to be protected with encryption
  • Gain visibility into unprotected endpoints so you can monitor what’s being done on unmanaged devices
  • Control access from non-corporate networks or risky IP addresses

With Conditional Access App Control protection, you can define whether you want to monitor what is being accessed or block it.

Conditional Access Policies

When configured, you will notice the below appear for all access control applications


Once you have configured the basics above, the next step is to enable the policies you would like to run within your environment. Out of the box you will receive a number of policies deemed appropriate by Microsoft, but there may be additional ones you would like, for example:

In my environment I have created a policy that checks for OneDrive documents shared outside my business to specific domains.

This policy also has the power to remove the external user to prevent access, and this is where Cloud App Security really comes into its own, as it gives organisations and IT administrators the power to really take control of corporate data.

I hope you found this run-through helpful.

Enabling Conditional Access App Control for featured apps

Cloud App Security offers the ability to leverage Conditional Access for Exchange Online and SharePoint Online, but how do we configure this functionality?

Let’s start with your Azure Portal and browse to Conditional Access –> New Policy

Conditional Access

As I previously mentioned, this control only works for Exchange Online and SharePoint Online, so you will need to select:

– Office 365 Exchange Online
– Office 365 SharePoint Online

Cloud apps

Under Session, you need to select Conditional Access App Control and, as you can see below, we only have 3 options:

– Monitor only (Preview)
– Block downloads (Preview)
– Use custom policy…


For the purpose of this post, I am just going to monitor through Cloud App Security to discover what’s happening within my tenancy.

Once the policy is enabled, sign into Exchange Online or SharePoint Online and you will be welcomed by the message below. This demonstrates that Conditional Access App Control is now in place.

Welcome to Conditional Access App Control

From your Cloud App Security console you will be able to see this activity and all future activities.

Conditional Access App Control
