Query on MCAS Unsanctioned application | Microsoft Live(IT services)

%3CLINGO-SUB%20id%3D%22lingo-sub-2601659%22%20slang%3D%22en-US%22%3EQuery%20on%20MCAS%20Unsanctioned%20application%20%7C%20Microsoft%20Live(IT%20services)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2601659%22%20slang%3D%22en-US%22%3E%3CDIV%20class%3D%22votecell%20post-layout--left%22%3E%3CDIV%20class%3D%22js-voting-container%20d-flex%20jc-center%20fd-column%20ai-stretch%20gs4%20fc-black-200%22%3E%3CDIV%20class%3D%22js-vote-count%20flex--item%20d-flex%20fd-column%20ai-center%20fc-black-500%20fs-title%22%3E%3CSPAN%3E%3CSPAN%3E%3CSPAN%3ERecently%20I%20received%20a%20security%20Incident%20on%20my%20Microsoft%20Cloud%20Application%20Security(MCAS)%20portal%3CSPAN%3E%26nbsp%3BData%20exfiltration%20to%20an%20app%20that%20is%20not%20sanctioned%3CSPAN%3E%26nbsp%3B%3CSPAN%3EWhen%20I%20drilled%20down%2C%20I%20found%20Microsoft%20Live%20application%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3CDIV%20class%3D%22postcell%20post-layout--right%22%3E%3CDIV%20class%3D%22s-prose%20js-post-body%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Deepanshu_Marwah_0-1627957604122.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F300049i7E6A102AA6A2AE72%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Deepanshu_Marwah_0-1627957604122.png%22%20alt%3D%22Deepanshu_Marwah_0-1627957604122.png%22%20%2F%3E%3C%2FSPAN%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CIMG%20border%3D%220%22%20%2F%3E%3C%2FP%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3CP%3E%3CIMG%20border%3D%220%22%20%2F%3E%3C%2FP%3E%3CP%3ECan%20anyone%20help%20me%20understand%20what%20is%20this%20application%20and%20why%20its%20showing%20data%20exfiltration%20incident%3F%3C%2FP%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2601659%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2619635%22%20slang%3D%22en-US%22%3ERe%3A%20Query%20on%20MCAS%20Unsanctioned%20application%20%7C%20Microsoft%20Live(IT%20services)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2619635%22%20slang%3D%22en-US%22%3EIf%20I%20am%20not%20mistaken%20live%20is%20the%20Microsoft%20email%20portal%2C%20outlook.live.com.%20Someone%20could%20have%20signed%20in%20with%20their%20corporate%20credentials%20and%20uploaded%20information.%20Do%20you%20have%20webmail%20enabled%3F%3C%2FLINGO-BODY%3E
Occasional Contributor
Recently I received a security Incident on my Microsoft Cloud Application Security(MCAS) portal Data exfiltration to an app that is not sanctioned When I drilled down, I found Microsoft Live application 

 

Deepanshu_Marwah_0-1627957604122.png

 

 

Can anyone help me understand what is this application and why its showing data exfiltration incident?

 

Also posted this query on azure - Query on MCAS Unsanctioned application | Microsoft Live(IT services) - Stack Overflow

1 Reply
If I am not mistaken live is the Microsoft email portal, outlook.live.com. Someone could have signed in with their corporate credentials and uploaded information. Do you have webmail enabled?
www.000webhost.com