Moving to the clouds increases versatility for employees and IT alike. However, it also introduces new challenges and complexities for keeping your organization protected and secured. 

To benefit from cloud apps and other services, you must find the right balance of supporting access while maintaining control to protect critical data.

When it comes to the cloud, you must know what occurs behind the scenes with privileged accounts, users, apps, and other resources that are connected to the cloud. One of Microsoft’s strongest platforms that allow you to perform visibility and protect cloud (or Multi-Cloud) and on-premises resources is undoubtedly Microsoft Cloud App Security (in a short, MCAS).

Microsoft Cloud App Security provides rich visibility, control over data travel, and advanced analytics to identify and fight cyber threats across all your Microsoft and third-party cloud services.

Microsoft Teams and MCAS

The Microsoft Cloud App Security architecture includes many ways to connect to your apps, system, and third-party vendors and allows you to defend as well, and Microsoft Teams is one of them.

Microsoft Teams is part of Office 365, and with Microsoft Cloud App Security, you can identify, protect, and perform reverse proxy.

Microsoft Cloud App Security can identify and protect Microsoft Teams based on the following scenario:

App connectors – App connectors use APIs from cloud app providers to integrate the Cloud App Security cloud with other cloud apps. 

App connectors extend control and protection. They also give you access to information directly from cloud apps for Cloud App Security analysis.

Conditional Access App Control protection – Microsoft Cloud App Security Conditional, Access App Control with Microsoft Teams, use reverse proxy architecture to give you the ability to have real-time visibility and control over access to and activities performed within your cloud environment. 

With Conditional Access App Control, you can do the following defense:

• Avoid data leaks by blocking downloads before they happen
• Set rules that force data stored in and downloaded from the cloud to be protected with encryption
• Gain visibility into unprotected endpoints so you can monitor what’s being done on unmanaged devices
• Control access from non-corporate networks or risky IP addresses

Policy Control – You can use policies to define your users’ behavior in the cloud. Use policies to detect risky behavior, violations, or suspicious data points and activities in your cloud environment. 

You can use policies to integrate remediation processes to achieve complete risk mitigation. 

Types of policies correlate to the different types of information you might want to gather about your cloud environment and the types of remediation actions you might take.

MCAS and Microsoft Teams Integration

Microsoft Cloud App Security can allow visibility, identify security issues, and respond once security issues occur. The Microsoft Cloud App Security is divided into few categories. 

Office 365 API and Microsoft Teams

Microsoft Cloud App Security supports the legacy Office 365 Dedicated Platform and the latest offerings of Office 365 services. Microsoft Cloud App Security integrates directly with Office 365’s audit logs and receives all audited events from all supported services, such as PowerApps, Forms, Sway, Stream, and Microsoft Teams.

How to connect Office 365 – The Office 365 (including Microsoft Teams) API integration is straightforward. It allows you to connect with the relevant admin permissions from the Microsoft Cloud App Security console.

MCAS Connected Apps

Once it’s connected, you need to wait a few hours to receive useful information and start to work with the information.

Some highlight when integrating Microsoft Cloud App Security with Office 365:

• You must have at least one assigned Office 365 license to connect to Microsoft Cloud App Security.
• Exchange administrator audit logging, which is enabled by default in Office 365, logs an event in the Office 365 audit log when an administrator makes a change in your Exchange Online organization.
• Exchange Mailbox audit logging must be turned on for each user mailbox before user activity in Exchange Online is logged,
• If Office apps are enabled, groups that are part of Office 365 are also imported to Microsoft Cloud App Security from the specific Office apps.
• You must enable auditing in PowerBI to get the logs from there. Once auditing is enabled, Microsoft Cloud App Security starts getting the logs.
• You must enable auditing in Dynamics 365 to get the logs from there. Once auditing is enabled, Microsoft Cloud App Security starts getting the logs.
• If your Azure Active Directory is set to automatically sync with the users in your Active Directory on-premises environment, the settings in the on-premises environment override the Azure AD settings, and use of the Suspend user governance action is reverted.

MCAS and Microsoft Teams

Reverse Proxy (Conditional Access App Control)

Azure AD Conditional Access App Control uses a reverse proxy architecture, and it allows you to enforce access controls on your organization’s apps based on certain conditions. The conditions define who and what, and where a Conditional Access policy is applied to.

After you’ve determined the conditions, you can route users to Microsoft Cloud App Security, where you can protect data with Conditional Access App Control by applying access and session controls.

Azure AD Conditional Access App Control enables user app access and sessions to be monitored and controlled in real-time based on access and session policies. With the access and session policies, you can:

• Prevent data exfiltration – allow you to block downloads, cut, copy, and print sensitive documents on, for example, unmanaged devices.
• Protect on the download can require documents to be labeled and protected with Azure Information Protection. This action ensures the document is protected and user access is restricted in a potentially risky session.
• Prevent the upload of unlabeled files can ensure that unlabeled files with sensitive content are blocked from being uploaded until the user classifies the content.
• Monitor user sessions for compliance can investigate and analyze user behavior to understand where, and under what conditions, session policies should be applied in the future.
• Block access can granularly block access for specific apps and users depending on several risk factors. For example, you can block them if they are using client certificates to form device management.
• Block custom activities can scan messages for sensitive content and block them in real-time.

How to configure Conditional Access App Control

Follow these steps to configure featured apps controlled by Microsoft Cloud App Security Conditional Access App Control.

• Azure AD portal and create a conditional access policy for the apps and route the session to Cloud App Security
• Sign in to each app using a user scoped to the policy
• Verify the apps are configured to use access and session controls
• Test the deployment

Highlights 

• Reverse Proxy can be applied to any interactive single sign-on, using SAML 2.0 or Open ID Connect authentication protocols.
• Deploy Conditional Access App Control for featured apps
• Onboard and deploy Conditional Access App Control for any app
• License for Azure AD Premium P1
• License Microsoft Cloud App Security license

Microsoft Teams Policy Control

Microsoft Cloud App Security provides policies to define users’ behavior in the cloud, such as detecting risky behavior, violations, or suspicious data points and activities in your cloud environment. If needed, you can use policies to integrate remediation processes to achieve complete risk mitigation.

Types of policies correlate to the different types of information you might want to gather about your cloud environment and the types of remediation actions you might take.

There are a few built-in policies for Microsoft Teams:

• When a team’s access level is changed from private to public
• When an external user is added to a team
• When a user deletes a large number of teams

To add Microsoft Teams policies into Microsoft Cloud App Security, go to Control and then Templates and search for Microsoft Teams policies. Once you received the Microsoft Teams policies, you can add each one with default settings or change as required to your user behavior.

For more Security blog-posts