This article is contributed. See the original author and article here.

Welcome to the MCAS Ninja Training!


Updated Ninja Diagram.png


Check out the MCAS Ninja Training video introduction here!


 


Have you been wanting to secure your cloud resources? Do you have agreements with non-Microsoft cloud applications? Do you want to share your cloud security knowledge and experience with others? Wait no longer, the Microsoft Cloud App Security (MCAS) Ninja training is here!


 


I am very pleased to introduce my MCAS Ninja training to you.  MCAS has hundreds of amazing videos out there and it can sometimes be overwhelming with determining where to start and how to progress through different levels. Over the last few months, I’ve gone through all these and created this repository of training materials in an ascending order… all in one central location! Please let me know what you think in the comments.


 


In terms of overall structuring, the training sessions are split into three different knowledge levels:


·       Beginner (Fundamentals)


·       Intermediate (Associate)


·       Advanced (Expert)


 






















Module



Description



1.       Level 1: Beginner (Fundamentals)



Introduction to Microsoft Cloud App Security, licensing, portal navigation, policy basics, and overall definitions.



2.       Level 2: Intermediate (Associate)



Capability demos, automatic governance, overall deployment, and integrations.



3.       Level 3: Advanced (Expert)



Power automate, 3rd party IdP integration, and advanced use case scenarios.



 


In addition, after each module/level, there will be a knowledge check based on the training material you’d have just finished! Since there’s a lot of content, the goal of the knowledge checks is to help you determine if you were able to get some of the major key takeaways. Lastly, there’ll be a fun certificate issued at the end of the training: Disclaimer: This is not an official Microsoft certification and only acts as a way of recognizing your participation in this training content.


 


Lastly, this training will be updated on a quarterly basis to ensure you all have the latest and greatest material!


 


Let us know what you think!


 


P.S I wanted to give my colleague, @DanEdwards, a huge kudos for helping me automate the certificate app and knowledge check! Thank you, Dan!


 





































































Legend/Acronyms



(D)



Microsoft Documentation



(V)



Video



(B)



Blog



MCAS



Microsoft Cloud App Security



RBAC



Role-based access control



MDATP



Microsoft Defender Advanced Threat Protection



AATP



Azure Advanced Threat Protection



ATP



Advanced Threat Protection



AIP



Azure Information Protection



ASC



Azure Security Center



AAD



Azure Active Directory



CASB



Cloud Access Security Broker



MTP



Microsoft Threat Protection



GCC



Government Community Cloud



GCC-H



Government Community Cloud High



 


Note: Threat protection product names from Microsoft are changing. Read more about this and other updates here. We’ll be updating names in products and in the docs soon.




  • Microsoft 365 Defender (previously Microsoft Threat Protection)




  • Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)




  • Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)




  • Microsoft Defender for Identity (previously Azure Advanced Threat Protection)




 


MCAS Ninja Training


 


Level: Beginner  (Fundamentals) (Video Introduction)



  1. Community Information

    1. MCAS Tech Community

      1. This is a Microsoft Cloud App Security (MCAS) Tech Community space that provides an opportunity to connect and discuss the latest news, updates, and best practices with Microsoft professionals and peers.





  2. Understanding CASBs

    1. Top 20 Use Cases for CASBs (D)

      1. This document provides use cases which can be leveraged as a starting point during a proof of concept (POC), or as you’re getting ready to deploy your CASB solution looking for ways to prioritize your deployment component.





  3. MCAS Best Practices (D)

    1. This article provides best practices for protecting your organization by using Microsoft Cloud App Security. These best practices come from our overall experience working with Cloud App Security and from the experiences from customers like you.



  4. MCAS Introduction

    1. MCAS Licensing (V)*subject to change*

      1. Questions on MCAS licensing? Contact your Microsoft reseller or Microsoft Partner.

      2. MCAS License Datasheet (D)

      3. Differences between MCAS and OCAS (D)

      4. Differences between MCAS and CAD (D)



    2. Microsoft Cloud App Security Introduction (V)

      1. This is an introductory video presentation of Microsoft’s Cloud Access Security Broker (CASB): Microsoft Cloud App Security (MCAS).





  5. Initial Settings

    1. Configure IP Addresses (V)

      1. This video shows you how to add your organization’s IP address ranges to remove complexities from policy creation, investigation, and improve the accuracy of your alerts.

      2. For more information, check out this article. (D)



    2. Import User Groups (V)

      1. This video shows you how to important user groups into MCAS to help create relevant policies.

      2. For more information, check out this article. (D)



    3. Configure Admin Roles (V)

      1. In this video, we show you how to configure admin roles and setup role-based access controls.

      2. For more information, check out this article. (D)



    4. Configure MSSP Access (V)

      1. The above video walks you through adding Managed Security Service Provider (MSSP) access to MCAS.





  6. Cloud Discovery

    1. Dashboard Basics (D)

      1. The above article gives an overview on how to work with MCAS daily while providing a few tips on how to navigate the portal.



    2. Discovered Apps (D)

      1. The above article provides guidance on how to work with discovered apps and the steps to take to dive deep into what the dashboard offers.



    3. App Risk Scoring (V)

      1. This video provides an overview on how MCAS evaluates the risk over discovered SaaS apps in your environment.

      2. For more information, check out this article. (D)



    4. MCAS App Connectors (V)

      1. This video provides a brief introduction on MCAS 3rd party SaaS connectors.

      2. For more information, check out this article. (D)



    5. Using the Cloud App Discovery Feature (V)

      1. This is a video overview of MCAS and its discovery functions.





  7. Information Protection and Real-time Controls

    1. Connect Office 365 (V)

      1. This video demonstrates how to connect Office 365 to Microsoft Cloud App Security and enable our powerful capabilities across DLP, Threat Protection, and more.



    2. Configure AAD with MCAS Conditional Access App Control (V)

      1. In this video, we walk you through how to configure real-time monitoring and control across your cloud apps leveraging our powerful, native integration with Azure AD Conditional Access.



    3. What is Conditional Access App Control? (V)

      1. In this video, we explore what Conditional Access App Control is, how to deploy and configure it, and testing of a scenario (Microsoft Teams).



    4. Block Sensitive Information Downloads (D)

      1. The above article walks you through a tutorial on how to create a session policy to block the download of sensitive information.





  8. Threat Detection

    1. Threat Detection Overview (V)

      1. The above video walks you through MCAS’s threat detection capabilities that allow you to identify advanced attackers and insider threats.



    2. User and Entity Behavior Analytics (V)

      1. This video provides a brief overview on User & Entity Behavior Analytics (UEBA) in MCAS.



    3. Discover and Mange risky OAuth applications (V)

      1. This video discusses how MCAS can help you identify when users authorize OAuth apps, detect risky apps, and revoke access to risky apps.






Level: Beginner (Fundamentals) Knowledge Check


 


Level: Intermediate (Associate) (Video Introduction



  1. Overview

    1. Microsoft Cloud App Security: Overview (V)

      1. This is an overview video discussing the different pillars and configuration steps for MCAS with a demo.





  2. Cloud Discovery

    1. Cloud Discovery Interactive Guide (V)

      1. This interactive guide walks you through discovering, protecting, and controlling your apps.



    2. Cloud Discovery Policies (D)

      1. The above article walks you through creating cloud discovery policies within your MCAS environment.



    3. MCAS and MDATP Integration (V)

      1. This video walks through the process of Integrating MDATP and MCAS and how simple the integration is—without requiring extra agents or proxies.

      2. For more information, check out this article. (D)



    4. Log Collector Configuration (V)

      1. An overview on using the log collector to enable cloud discovery and a walk-through on deployment.

      2. For guidance on log collector deployment, choose your deployment mode here and follow the accompanying steps. (D)



    5. Integrate with Zscaler (D)

      1. If you work with both Cloud App Security and Zscaler, you can integrate the two products to enhance your security Cloud Discovery experience.



    6. Integrate with iboss (D)

      1. If you work with both Cloud App Security and iboss, you can integrate the two products to enhance your security Cloud Discovery experience.



    7. Integrate with Corrata (D)

      1. If you work with both Cloud App Security and Corrata, you can integrate the two products to enhance your security Cloud Discovery experience for mobile app use.





  3. Information Protection and Real-Time Controls

    1. Protecting Storage Apps and Malware Detection (V)

      1. This video shows you how MCAS can help you protect your cloud storage apps and ensure that they are not infected with malware.

      2. For more information, please see this article. (D)



    2. Configuring a read-only mode for external users (V)

      1. This video walks you through one of the many use-cases focused on external users using Conditional Access App Control, our reverse proxy solution.



    3. Block unauthorized browsers form accessing corporate web apps (V)

      1. A video detailing the policy configuration required to block unauthorized browsers from accessing corporate web applications.



    4. Using Admin Quarantine to investigate files (D)

      1. The above article is a tutorial helping you use admin quarantine to protect your files.



    5. Automatically apply labels to your sensitive files (D)

      1. The above article is a tutorial walking you through applying a label to a sensitive file.



    6. Information Protection Policies (D)

      1. The above article walks you through creatin information protection policies within your MCAS environment.





  4. Threat Detection

    1. Threat Policies (D)

      1. The above article walks you through creatin threat protection policies within your MCAS environment.



    2. Azure Advanced Threat Protection Integration

      1. How Azure ATP integrates with MCAS (D)

      2. The above article is designed to help you understand and navigate the enhanced investigation experience in MCAS with Azure ATP.



    3. Detect Threats and Manage Alerts (V)

      1. The interactive guide above walks you through the steps of managing threats and alerts.



    4. Malware Hunting and Automatic Remediation (V)

      1. This video provides a brief overview of Malware Hunting in SaaS Apps using MCAS.






Level: Intermediate (Associate) Knowledge Check


 


Level: Advanced (Expert) (Video Introduction)



  1. Power Automate Blog Series (B)

    1. Triage Infrequent Country Alerts using Power Automate and MCAS  (V)

      1. A video walk- through on creating a new Power Automate Flow to automate the triage of Infrequent Country alerts in MCAS (Threat Protection Pillar).



    2. Request user validation to reduce your SOC workload  (V)

      1. A vide walk-through on using Power Automate Flow to request user validation for file sharing (Data Protection Pillar).



    3. Request for Manager Action (V)

      1. This video walks you through using Power Automate Flow to request manager validation for their team.

      2. Step-by-step guidance (B)



    4. Auto-disable malicious inbox rules using MCAS & Power Automate (V)

      1. This video walks you through a new Power Automate Flow on how to remove malicious inbox rules detected in your cloud environment.





  2. 3rd Party IdP Configuration 

    1. PingOne (D)

      1. This document walks you through integrating PingOne with MCAS for Conditional Access App Control using Salesforce as an example.



    2. ADFS (Coming soon!)

    3. Okta (Coming soon!)



  3. Conditional Access App Control steps for non-Microsoft SAAS applications

    1. Workplace for Facebook (V)

    2. Box (V)

    3. Slack (V)



  4. SIEM Integrations

    1. Connect Azure Sentinel (V)

      1. This video details how to connect Azure Sentinel (Microsoft’s SIEM + SOAR product) to MCAS.



    2. Azure Sentinel Entities Enrichment (Users) (V)

      1. This video looks at how you can use the provided playbooks to enrich your impacted user profiles, and then consume it in Sentinel, ServiceNow, or Postman.



    3. Microsoft CAS Infrequent Country triage with Azure Sentinel and Logic Apps (V)

      1. This video walks you through the deployment of a playbook to using it to triage your Azure Sentinel incidents.



    4. Connect a 3rd Party SIEM (V)

      1. This video details how to connect a third party SIEM to MCAS.    





  5. Advanced Scenarios and Guidance

    1. Indicators of Compromise  (V)

      1. This video walks you through how to create custom Indicators of Compromise in MCAS.



    2. MCAS and Microsoft Threat Protection  (V)

      1. A video guide on how Microsoft is unifying our threat products.



    3. MCAS API Documentation (D)

      1. The above article describes how to interact with Cloud App Security over HTTPS.



    4. Configuring a Log Collector behind a Proxy (D)

      1. The above article walks you through further configuration to ensure your log collector works when behind a proxy.



    5. Ninja Training Blog Series (B)

      1. This blog series dives into partner specific topics (such as ideas for managed services, reporting dashboards, playbooks, and more) that you can use to help your clients be successful with Microsoft Cloud App Security.



    6. MCAS Data Protection Blog Series (B)

      1. This blog goes through different data protection scenarios based on questions the CxE team has received from customers.



    7. Securing Administrative Access to Microsoft Cloud App Security and Defender for Identities (B)

      1. This blog provides guidance on how to configure Azure AD Conditional Access to secure administrative access to Microsoft Cloud App Security (MCAS) and Defender for Identities (formerly Azure ATP).



    8. Limiting Inherited Roles from Azure Active Directory in MCAS (B)

      1. This blog goes over a customer scenario for MCAS and the steps that can be taken to meet their requirements on limiting inherited AAD roles’ accesses in MCAS.





  6. Important Announcements

    1. Unified Data Loss Prevention Post Announcement (B)

      1. This blog details all the latest and greatest information protection improvements including the new changes for MCAS.



    2. MCAS is removing non-secure cipher suites (B)

      1. This blog provides an update on the non-secure cipher suites no longer supported by MCAS and the steps to take to prepare for this change.



    3. Unified Labeling is now generally available in GCC and GCC-H environments (B)

      1. This blog provides an update that information protection is available in our government tenants.






Level: Advanced (Expert) Knowledge Check


 


Once you’ve finished the training and the knowledge checks, please go to our attestation portal to auto-generate your certificate (Coming Soon!).

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

%d bloggers like this: