My dear friend and MVP Daniel Laskewitz just made me aware of a cool new connector for Microsoft Flow. This connector enables you to use Microsoft Flow for actions within Microsoft Cloud App Security.
Cloud App Security is a comprehensive security suite. It provides (security) administrators with many functions for detecting anomalies and acting on these. With the new Flow connector, you now have the option to trigger a Flow based on a MCAS policy. Defacto offering workflow options based on MCAS alerts.
Let’s check it out.
In order to use the connector, you will need to create an access code in MCAS. You simply go to the system settings and Security extensions. Here you create a new API token. Copy the API token, as you will need it for configuring the Flow connector.
In Microsoft Flow you create a new connection to MCAS. You use the new connector for this. Provide a name for the connection and enter the API key.
Now you can create the Flow needed. Because the connector returns information from MCAS, you can include information on the alert in an e-mail (for example). I just created a very simple flow which is triggered when a SharePoint file is shared with an external person.
Save the Flow. Now go to your MCAS policy. Here you can select the Flow as an alerting action (not as a governance action!).
And then……. It works!
Beware though. When I was looking at this new connector, I was also looking at the OAuth App policies in MCAS. I was just playing around….. But I wasn’t able to get the Flow connector to work. Turns out that my test OAuth App policy was to strict and it blocked PowerApps and Flow to connect to MCAS……… So check out those settings if it does not work 🙂