My dear friend and MVP Daniel Laskewitz just made me aware of a cool new connector for Microsoft Flow. This connector enables you to use Microsoft Flow for actions within Microsoft Cloud App Security.
Cloud App Security is a comprehensive security suite. It provides (security) administrators with many functions for detecting anomalies and acting on these. With the new Flow connector, you now have the option to trigger a Flow based on a MCAS policy. Defacto offering workflow options based on MCAS alerts.
Let’s check it out.
In order to use the connector, you will need to create an access code in MCAS. You simply go to the system settings and Security extensions. Here you create a new API token. Copy the API token, as you will need it for configuring the Flow connector.
In Microsoft Flow you create a new connection to MCAS. You use the new connector for this. Provide a name for the connection and enter the API key.
Now you can create the Flow needed. Because the connector returns information from MCAS, you can include information on the alert in an e-mail (for example). I just created a very simple flow which is triggered when a SharePoint file is shared with an external person.
Save the Flow. Now go to your MCAS policy. Here you can select the Flow as an alerting action (not as a governance action!).
And then……. It works!
Beware though. When I was looking at this new connector, I was also looking at the OAuth App policies in MCAS. I was just playing around….. But I wasn’t able to get the Flow connector to work. Turns out that my test OAuth App policy was to strict and it blocked PowerApps and Flow to connect to MCAS……… So check out those settings if it does not work 🙂
HI, Just curious on your line “But I wasn’t able to get the Flow connector to work. Turns out that my test OAuth App policy was to strict and it blocked PowerApps and Flow to connect to MCAS” can MCAS be used to block th usage of connectors form Flow and powerApps?
In my case I used an OAuth App policy in MCAS when writing this blog: https://alberthoitingh.com/2018/12/14/using-cloud-app-security-against-illicit-oauth-consent-grants/. This app was too strict. When Flow attempted to contact MCAS (using OAuth), it was flagged as “uncommon”. And my policy was set to “disallow”.
But this only works when MCAS monitors the traffic to the specific cloud-app (imo).
I wouldn’t be sure if this works for all Flow connectors. But one note on that: Microsoft’s going to introduce a new option where you can limit the connector. Nowadays the connectors work in both directions. Microsoft’s going to allow a setting to only allow inbound or outbound connections. So, for example, you can read Tweets, but cannot send Tweets to Twitter using Flow.
And, but this is Microsoft talking (not me), if you really want to block a connector; you can raise a support ticket at Microsoft. And they will block the connector for you…..
Do you happen to now if MS are planning to provide flow capabilities to Governance Actions? that would be huge.
I know they’re working on more enhancements. But none I can share.
I am not able to get file path with extension from the alert. Do you know how to do that?
Not by heart. I’ll check it out and keep you posted.
Not sure if you can help, but when creating/editing a MCAS Policy, the “Send alerts to Power Automate” is greyed out despite having created a Cloud App Security playbook/flow – I’m using the same account for Power Automate and CAS but cannot for the life of me establish why I can’t select the flow – we are using PIM and Azure Roles etc – would that have any bearing?
Could it be that you’re disallowing OAuth applications from connecting? I had the same problem and in the end it was MCAS itself which was blocking unauthorised (new) OAuth connections. And the PowerPlatform connector does require this.