
Last Updated on: 9/24/2019

Configuring events from O365 to the Seceon CCE requires two steps, as explained in the following sections:

Overview

Cloud App Security monitoring is a key feature of Microsoft Defender for Cloud Apps. It enables organizations to monitor their cloud-based applications and services for potential security risks, such as unauthorized access, data leakage, and malware. With Cloud App Security monitoring, organizations can gain visibility into all of their cloud-based assets, including applications, services, and data. This enables them to identify and remediate potential security risks before they can cause any harm.

Steps to Configure the CCE on the O365 portal:

1. Go to: https://www.office.com/?auth=2

2. Log in with your credentials:

Username, for example: Someone@seceon.onmicrosoft.com

3. Go into Security and Compliance:

...

Note: An invalid token will cause the container to restart; in this case, the installation will fail.

Steps to Configure the O365 from the Seceon GUI:

1. Log in to the Seceon GUI (tenant side, if in an MSSP) with the administrator role. Go to the "Provisioning" tab.

...

4. Fill in the form with the CCE IP and token ID.

URLs that need to be allowed:

  1. graph.microsoft.com
  2. manage.office.com
  3. login.microsoftonline.com
  4. login.windows.net
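
An added example (not part of the original Seceon instructions) for checking from the CCE host that the four endpoints above are reachable, telling a DNS failure apart from a blocked connection. Assumptions: the allowance applies to outbound HTTPS (TCP 443, a port the page does not state), the host is Linux with `bash`, `getent` and `timeout`, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Egress check for the endpoints listed on this page (added example).
O365_ENDPOINTS="graph.microsoft.com manage.office.com login.microsoftonline.com login.windows.net"
O365_PORT=443        # assumption: HTTPS; the page gives no port
PROBE_TIMEOUT=5      # seconds to wait for the TCP connection

# probe_host HOST PORT
# Returns 0 if reachable, 2 if the name does not resolve, 3 if TCP fails.
probe_host() {
    getent hosts "$1" >/dev/null 2>&1 || return 2
    timeout "$PROBE_TIMEOUT" bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null || return 3
    return 0
}

# check_endpoints [PROBE_FUNCTION]
# Prints one status line per endpoint; the return code is the number of
# endpoints that failed. A different probe can be passed in for testing.
check_endpoints() {
    local probe="${1:-probe_host}" failed=0 host rc
    for host in $O365_ENDPOINTS; do
        rc=0
        "$probe" "$host" "$O365_PORT" || rc=$?
        case "$rc" in
            0) echo "OK       $host:$O365_PORT" ;;
            2) echo "DNS-FAIL $host"; failed=$((failed + 1)) ;;
            *) echo "BLOCKED  $host:$O365_PORT"; failed=$((failed + 1)) ;;
        esac
    done
    return "$failed"
}

# Run the real check only when asked: ./check_o365_egress.sh --run
if [ "${1:-}" = "--run" ]; then
    check_endpoints
    exit $?
fi
```

A `DNS-FAIL` line points at the resolver or a DNS filter, while `BLOCKED` points at a firewall or proxy rule between the CCE and Microsoft.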


VERIFICATION OF CONFIGURATION


Verification can be done either from the CCE server or from the UI.


Using UI


STEP 1: Log in to UI >> SYSTEM



STEP 2: >> LOGS AND FLOWS COLLECTION STATUS.



STEP 3: >> Under SOURCE DEVICE IP, the IP will appear.



Notes:

Microsoft has 2 main products: Microsoft Cloud App Security (MCAS) and Office365 Cloud App Security (O365CAS).

The Seceon instructions provided previously are for Microsoft Cloud App Security: https://docs.microsoft.com/en-us/cloud-app-security/siem

On that same link, there is a Compare area for MCAS and O365CAS: https://docs.microsoft.com/en-us/cloud-app-security/editions-cloud-app-security-o365

MCAS includes: alerts and activity logs for cross-SaaS apps.

O365CAS includes: Office 365 alerts only. Those who purchased an E5 license for the Office365 environment can therefore see Office365 alerts only.