MCAS No built-in policies

%3CLINGO-SUB%20id%3D%22lingo-sub-1142474%22%20slang%3D%22en-US%22%3EMCAS%20No%20built-in%20policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1142474%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20is%20possibly%20because%20I've%20not%20figured%20out%20how%20to%20configure%20this%20yet%20but%20I%20have%20signed%20up%20for%20the%20Azure%20AD%20Premium%20P2%20Trial%20as%20I%20wanted%20to%20try%20out%20some%20of%20the%20conditional%20access%20features%20and%20look%20in%20to%20MCAS%20which%20we've%20just%20started%20using%20at%20my%20workplace.%20If%20I%20understand%20correctly%20there%20should%20be%20a%20large%20group%20of%20built-in%20policies%20available%20under%20the%20'Policies'%20tab%2C%20but%20mine%20appears%20to%20be%20empty.%20If%20I%20go%20to%20create%20a%20new%20policy%2C%20the%20only%20workflow%20available%20is%20'Create%20policy'%20-%26gt%3B%20'App%20discovery%20policy'%20whereas%20on%20our%20workplace%20MCAS%20tenancy%20we%20can%20create%20access%20policies%2C%20activity%20policies%20and%20more.%20If%20I%20go%20to%20create%20a%20snapshot%20report%20too%2C%20I%20only%20get%20the%20ability%20to%20ingress%20data%20from%20appliances%20external%20to%20Microsoft%20technologies%20and%20not%20Office%20365%2C%20EXO%20or%20other%20services.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20did%20go%20in%20to%20the%20Cloud%20app%20catalog%20and%20sanctioned%20Office%20365%2C%20Azure%20and%20Exchange%20Online%20thinking%20this%20would%20implement%20the%20built-in%20policies%2C%20but%20this%20didn't%20seem%20to%20do%20it%2C%20I'm%20still%20left%20with%20being%20able%20to%20only%20create%20App%20discovery%20policies.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAuditing%20is%20enabled%20in%20my%20Office%20365%20tenancy%20(although%20I%20enabled%20it%20around%2020%20hours%20ago%2C%20don't%20know%20if%20I%20need%20to%20give%20it%20a%20bit%20more%20time).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20assuming%20I've%20not%20done%20something%20at%20this%20point%2C%20but%20when%20MCAS%20is%20initialized%20as%20part%20of%20the%20Azure%20AD%20Premium%20P2%20licence%20should%20all%20these%20built-in%20policies%20populate%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMany%20thanks%2C%3C%2FP%3E%3CP%3E-%20Lee%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEdit%3A%20I%20think%20I%20figured%20it%20out.%20The%20MCAS%20product%20features%20are%20different%20between%20Azure%20AD%20P2%20and%20a%20specific%20MCAS%20licence.%20On%20applying%20the%20trial%20MCAS%20product%20licence%20this%20gives%20me%20significantly%20more%20options%2C%20so%20this%20might%20just%20be%20down%20to%20not%20having%20properly%20compared%20the%20two.%20I%20did%20look%20for%20Cloud%20App%20Security%20in%20the%20admin%20center%20and%20it%20didn't%20show%20up%20but%20it%20does%20today%20unless%20it%20only%20became%20available%20once%20I'd%20applied%20the%20trial%20Azure%20AD%20P2%20licence.%20If%20any%20of%20this%20seems%20wrong%2C%20please%20feel%20free%20to%20correct%20but%20it's%20looking%20like%20user%20error.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1142474%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ECloud%20Discovery%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1147063%22%20slang%3D%22en-US%22%3ERe%3A%20MCAS%20No%20built-in%20policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1147063%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F255231%22%20target%3D%22_blank%22%3E%40lsward%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20are%20correct%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThere%20is%20a%20difference%20between%20the%20functionality%20available%20via%20some%20Office%20365%20plans%20that%20include%20the%20Cloud%20App%20Security%20discovery%20feature%20and%20the%20full%20version%20included%20in%20EMS%20E5%20and%20other%20plans.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAzure%20AD%20Plan%202%20alone%20does%20not%20include%20MCAS%20license%20(unless%20if%20your%20have%20added%20EMS%20E5).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20full%20version%20includes%20the%20policy%20templates%2C%20Azure%20and%20Windows%20Defender%20ATP%20integration%2C%20information%20protection%20and%20lots%20more.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EThx%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EShlomi%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hi,

 

This is possibly because I've not figured out how to configure this yet but I have signed up for the Azure AD Premium P2 Trial as I wanted to try out some of the conditional access features and look in to MCAS which we've just started using at my workplace. If I understand correctly there should be a large group of built-in policies available under the 'Policies' tab, but mine appears to be empty. If I go to create a new policy, the only workflow available is 'Create policy' -> 'App discovery policy' whereas on our workplace MCAS tenancy we can create access policies, activity policies and more. If I go to create a snapshot report too, I only get the ability to ingress data from appliances external to Microsoft technologies and not Office 365, EXO or other services.

 

I did go in to the Cloud app catalog and sanctioned Office 365, Azure and Exchange Online thinking this would implement the built-in policies, but this didn't seem to do it, I'm still left with being able to only create App discovery policies.

 

Auditing is enabled in my Office 365 tenancy (although I enabled it around 20 hours ago, don't know if I need to give it a bit more time).

 

I'm assuming I've not done something at this point, but when MCAS is initialized as part of the Azure AD Premium P2 licence should all these built-in policies populate?

 

Many thanks,

- Lee

 

Edit: I think I figured it out. The MCAS product features are different between Azure AD P2 and a specific MCAS licence. On applying the trial MCAS product licence this gives me significantly more options, so this might just be down to not having properly compared the two. I did look for Cloud App Security in the admin center and it didn't show up but it does today unless it only became available once I'd applied the trial Azure AD P2 licence. If any of this seems wrong, please feel free to correct but it's looking like user error.

1 Reply

@lsward 

 

Hi,

 

You are correct,

 

There is a difference between the functionality available via some Office 365 plans that include the Cloud App Security discovery feature and the full version included in EMS E5 and other plans.

 

Azure AD Plan 2 alone does not include MCAS license (unless if your have added EMS E5).

 

The full version includes the policy templates, Azure and Windows Defender ATP integration, information protection and lots more.


Thx,

 

Shlomi

 

 

 

www.000webhost.com