Flow and MCAS working together

Posted by

My dear friend and MVP Daniel Laskewitz just made me aware of a cool new connector for Microsoft Flow. This connector enables you to use Microsoft Flow for actions within Microsoft Cloud App Security.

Cloud App Security is a comprehensive security suite. It provides (security) administrators with many functions for detecting anomalies and acting on these. With the new Flow connector, you now have the option to trigger a Flow based on a MCAS policy. Defacto offering workflow options based on MCAS alerts.

Let’s check it out.

In order to use the connector, you will need to create an access code in MCAS. You simply go to the system settings and Security extensions. Here you create a new API token. Copy the API token, as you will need it for configuring the Flow connector.

MCAS_1

In Microsoft Flow you create a new connection to MCAS. You use the new connector for this. Provide a name for the connection and enter the API key.

Flow_1

Flow_2

Now you can create the Flow needed. Because the connector returns information from MCAS, you can include information on the alert in an e-mail (for example). I just created a very simple flow which is triggered when a SharePoint file is shared with an external person.

Flow_3

Save the Flow. Now go to your MCAS policy. Here you can select the Flow as an alerting action (not as a governance action!).MCAS_2MCAS_3

And then……. It works!

Outlook

Beware though. When I was looking at this new connector, I was also looking at the OAuth App policies in MCAS. I was just playing around….. But I wasn’t able to get the Flow connector to work. Turns out that my test OAuth App policy was to strict and it blocked PowerApps and Flow to connect to MCAS……… So check out those settings if it does not work 🙂

3 comments

  1. HI, Just curious on your line “But I wasn’t able to get the Flow connector to work. Turns out that my test OAuth App policy was to strict and it blocked PowerApps and Flow to connect to MCAS” can MCAS be used to block th usage of connectors form Flow and powerApps?

    1. Hi Tony,

      In my case I used an OAuth App policy in MCAS when writing this blog: https://alberthoitingh.com/2018/12/14/using-cloud-app-security-against-illicit-oauth-consent-grants/. This app was too strict. When Flow attempted to contact MCAS (using OAuth), it was flagged as “uncommon”. And my policy was set to “disallow”.

      But this only works when MCAS monitors the traffic to the specific cloud-app (imo).
      I wouldn’t be sure if this works for all Flow connectors. But one note on that: Microsoft’s going to introduce a new option where you can limit the connector. Nowadays the connectors work in both directions. Microsoft’s going to allow a setting to only allow inbound or outbound connections. So, for example, you can read Tweets, but cannot send Tweets to Twitter using Flow.

      And, but this is Microsoft talking (not me), if you really want to block a connector; you can raise a support ticket at Microsoft. And they will block the connector for you…..

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s