This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.
Have you been wanting to secure your cloud resources? Do you have agreements with non-Microsoft cloud applications? Do you want to share your cloud security knowledge and experience with others? Wait no longer, the Microsoft Cloud App Security (MCAS) Ninja training is here!
Short Links: http://aka.ms/MCASNinjaTraining and http://aka.ms/MCASNinja.
MCAS has hundreds of amazing videos available and it can sometimes be overwhelming with determining where to start and how to progress through different levels. We've gone through all these and created this repository of training materials - all in one central location! Please let us know what you think in the comments.
The overall structure of the training sessions are split into three main knowledge levels:
| Level |
Description |
|
Level 1: Fundamentals - Beginner level |
Introduction to Microsoft Cloud App Security, licensing, portal navigation, policy basics, and overall definitions. |
|
Level 2: Intermediate - Associate level |
Capability demos, automatic governance, overall deployment, and connecting 3rd party apps. |
|
Level 3: Advanced - Expert level |
Power automate, 3rd party IdP integration, and advanced use case scenarios. |
After each level, we will offer you a knowledge check based on the training material you have just finished! Since there’s a lot of content, the goal of the knowledge checks is to help ensure understanding of the key concepts that were covered. Lastly, there’ll be a fun certificate issued at the end of the training! Disclaimer: This is not an official Microsoft certification and only acts as a way of recognizing your participation in this training content.
We plan to update this training on a quarterly basis to ensure that you all have the latest and the greatest training materials. Please do check back often for new training content.
-
Microsoft 365 Defender (previously Microsoft Threat Protection)
-
Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)
-
Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)
-
Microsoft Defender for Identity (previously Azure Advanced Threat Protection)
Please let us know what you think about this training!
Acronyms
| Acronyms |
Full Name |
|
MCAS |
Microsoft Cloud App Security |
|
RBAC |
Role-based access control |
|
MDATP |
Microsoft Defender Advanced Threat Protection |
|
AATP |
Azure Advanced Threat Protection |
|
ATP |
Advanced Threat Protection |
|
AIP |
Azure Information Protection |
|
ASC |
Azure Security Center |
|
AAD |
Azure Active Directory |
|
CASB |
Cloud Access Security Broker |
|
MTP |
Microsoft Threat Protection |
|
GCC |
Government Community Cloud |
|
GCC-H |
Government Community Cloud High |
|
MDI |
Microsoft Defender for Identity |
|
MDO |
Microsoft Defender for Office 365 |
|
MDE |
Microsoft Defender for Endpoint |
Table of Contents
Microsoft Cloud App Security - Fundamentals
Module 1. Fundamental level Overview
Module 2. MCAS Introduction
Module 3. Initial Settings
Module 4. Cloud Discovery
Module 5. Information Protection and Real-Time Controls
Module 6. Threat Detection
Fundamentals Knowledge Check
Microsoft Cloud App Security - Intermediate
Module 1. Intermediate Level Overview
Module 2. Cloud Discovery
Module 3. Information Protection and Real-Time Control
Module 4. Threat Detection
Intermediate Knowledge Check
Microsoft Cloud App Security - Advanced
Module 1. Advanced Level Overview
Module 2. Power Automate
Module 3. 3rd Party IdP configuration
Module 4. Conditional Access App Control steps for non-Microsoft SAAS applications
Module 5. SIEM Integration
Module 6. Advanced Scenarios and Guidance
Module 7, Additional Blogs and Information
Advanced Level Knowledge Check
Legend
 Docs on Microsoft |
 Blogs on Microsoft |
 Product videos |
 Webcast recordings |
 Tech Community |
  Interactive guides |
|
⤴ External Sites |
 GitHub |
Microsoft Cloud App Security - Fundamentals [Beginner Level]
Module 1. Fundamental Level Overview
| Training Title | Description |
| Introduction to MCAS Beginner Level Training |
This video provides a summary of what contents will be covered in the Fundamentals (Beginner level) training |
| MCAS Tech Community |
This is a Microsoft Cloud App Security (MCAS) Community space that allows users to connect and discuss the latest news, upgrades, and best practices with Microsoft professionals and peers. |
 Top 20 Use Cases for CASBs |
This document provides use cases that can be leveraged during proof of concept (POC), or as prep step for deploying CASB solution (looking for ways to prioritize deployment components). |
 What is a CASB and Why do I need one? |
This blog provides an overview of CASBs and why they are important for securing your cloud resources. |
Module 2. MCAS Introduction
| Training Title | Description |
| Microsoft Cloud App Security Introduction |
This is an introductory video presentation of Microsoft's Cloud Access Security Broker(CASB): Microsoft Cloud App Security (MCAS) |
 MCAS Best Practices |
This article outlines the best practice for protecting your organization using MCAS. The Best Practice comes from our overall experience working with Cloud Security and from our customers, like you. |
 MCAS User Interface Updates |
This blog provides an update on the MCAS UI changes. |
| MCAS Licensing |
This video provides an overview of MCAS licensing information |
| MCAS Licensing Datasheet |
This document is the MCAS licensing datasheet mentioned in the MCAS Licensing video. |
| Difference between MCAS and OCAS |
This document outlines the differences between MCAS and OCAS |
| Difference between MCAS and AAD Discovery |
This document outlines the differences in discovery capabilities between MCAS and AAD |
| TCO/ROI of Microsoft Cloud App Security (Forrester Study) |
This video goes over the result of a Forrester Study from May 2020 with the Total Cost of Ownership and Return on Investment of MCAS. |
| ⤴ The Total Economic Impact of Microsoft Cloud App Security |
This site provides an overview of the study, |
Module 3. Initial Settings
| Training Title | Description |
 Connect Apps to get visibility and protection |
This article outlines the steps on connecting the applications to MCAS to enable greater visibility and control over the application. |
| This video walks through how to connect applications to MCAS. | |
| This blog provides a brief video overview on how to connect GitHub, Salesforce, Box, and Slack, to MCAS. These 4 videos are also listed below. | |
| In this video, we walk through how to connect GitHub to MCAS. | |
| In this video, we walk through how to connect Salesforce to MCAS. | |
| In this video, we walk through connecting Box to MCAS. | |
| In this video, we walk through connecting Slack to MCAS. | |
| This video shows how to add your organization's IP address ranges to remove complexities from policy creation, investigation, and improve the accuracy of your alerts. | |
| This article outlines the steps on how to configure IP addresses and use IP ranges and tags. | |
| This video shows how to import user groups into MCAS to help create relevant policies. | |
| This article outlines the steps on how to import user groups from connected apps | |
| In this video, we show you how to configure admin roles and set up role-based access controls. | |
| This article describes how to manage admin access in MCAS. | |
| In this video, we walk through the steps on adding Managed Security Service Provider (MSSP) access to MCAS. | |
|
|
This video provides an overview of how to view security configuration information in MCAS for Azure, AWS, and GCP. |
| This article describes how to access the security configuration information for Azure, AWS, and GCP in MCAS. |
Module 4. Cloud Discovery
| Training Title | Description |
| Introduction to MCAS Cloud Discovery |
This blog details how to get started in Cloud Discovery in MCAS. |
| Dashboard Basics |
This article gives a basic overview of how to navigate and use the dashboard. |
 Discovered Apps |
This article provides guidance on working with the discovered apps and dives deeper into the information provided by the dashboard. |
| App Risk Scoring |
This video provides an overview of how MCAS evaluates the risk over discovered SaaS apps in your environment. |
| Using the Cloud App Discovery Feature |
This video provides an overview of MCAS's cloud apps discovery feature. |
Module 5. Information Protection and Real-Time Controls
| Training Title | Description |
| Connect Office 365 |
This video demonstrates how to connect office 365 to MCAS and enable our powerful capabilities across DLP, Threat Protection, and more. |
| What is Conditional Access App Control? |
In this video, we explore what Conditional Access App Control is, how to deploy and configure it, and testing a scenario (Microsoft Teams). |
| Governance actions for non-O365 and Azure apps |
This video provides an overview of some of the governance actions that can be taken with MCAS. |
| Configure AAD with MCAS Conditional Access App for Session Controls (Downloads) |
In this video, we walk through how to configure real-time monitoring and control across your cloud apps leveraging our powerful, native integration with Azure AD conditional Access to provide inline controls for your downloads. |
| Block Sensitive Information Downloads |
This article walks you through a tutorial on how to create a session policy to block the download of sensitive information. |
| Configure AAD with MCAS Conditional Access App for Session Controls (Uploads) |
In this video, we walk through how to configure real-time monitoring and control across your cloud apps leveraging our powerful, native integration with Azure AD conditional Access to provide inline controls for your uploads. |
| Understanding Unified Labeling migration |
This blog explains what "Unified Labeling" is and how to use it in the migration scenario. |
Module 6. Threat Detection
| Training Title | Description |
| Threat Detection Overview |
In this video, we walk through MCAS's detection capabilities that allow you to identify advanced attackers and insider threats. |
| User and Entity Behavior Analytics |
This video provides a brief overview of User & Entity Analytics (UEBA) in MCAS. |
| Discover and Manage Risky OAuth applications |
In this video, we explore how MCAS can help you identify when users authorized OAuth apps, detect risky apps, and evoke access to risky apps. |
| How to investigate anomaly detection alerts |
This article provides general information on alerts that are detected by MCAS, and practical guidance on what needs to be done for alert investigation and remediation. |
| Manage OAuth apps - Working with OAuth app page |
This article provides instructions on using MCAS to manage OAuth applications. |
Knowledge Check - MCAS Fundamentals
Microsoft Cloud App Security - Intermediate [Associate Level]
Module 1. Intermediate Level Overview
| Training Title | Description |
| Introduction to MCAS Intermediate Level Training |
This video provides a summary of what contents will be covered in the Intermediate (Associate level) training |
| Microsoft Cloud App Security: Overview |
This is an overview video that discusses the different pillars and configuration steps for MCAS with demo. |
| Secure Access for applications with Microsoft Cloud App Security (MCAS) |
This article walks through how to secure access for applications with MCAS. |
Module 2. Cloud Discovery
| Training Title | Description |
| Cloud Discovery Interactive Guide |
This interactive guide walks through discovering, protecting, and controlling your apps. |
| Cloud Discovery Policies |
This article goes over on what are the cloud discovery policies within your MCAS environment. |
| How to exclude entities from discovery data |
This article provides you with instructions on excluding certain entities' data from being part of the Cloud Discovery data for reporting. |
| MCAS and MDE integration |
This article walks through the process of integrating MDE (formerly MDATP) and MCAS and how simple the integration is - without requiring an extra agent or proxy. |
| How to design and deploy a Log Collector for MCAS |
This video details the MCAS cloud discovery pillar and how to deploy a log collector. |
| Integrate with Zscaler |
If you work with both Cloud App Security and Zscaler, you can integrate the two products to enhance your security Cloud Discovery experience. |
| Integrate with iboss |
If you work with both Cloud App Security and iboss, you can integrate the two products to enhance your security Cloud Discovery experience. |
| Integrate with Corrata |
If you work with both Cloud App Security and Corrata, you can integrate the two products to enhance your security Cloud Discovery experience. |
| Integrate with Menlo |
If you work with both Cloud App Security and Menlo, you can integrate the two products to enhance your security Cloud Discovery experience. |
Module 3. Information Protection and Real-Time Controls
| Training Title | Description |
 Set up Document Fingerprinting in MCAS |
In this video, we walk through how to configure a file policy to detect document fingerprinting in your file repositories using MCAS. |
 Document fingerprinting in Microsoft 365 Compliance |
In this video, we walk through how to set up policies to detect document fingerprinting using Microsoft 365. |
 Protect and Control Information with MCAS |
In this interactive guide, we walk through common scenarios where you can control your information with MCAS. |
| Secure and Connect GitHub |
This blog walks through how to secure and connect your GitHub instance in MCAS. |
| Protecting GitHub |
This video walks through how to protect your GitHub instance using MCAS. |
| Secure and Connect Box |
This blog walks through how to secure and connect your Box instance in MCAS. |
| Protecting Box |
This video walks through how to protect your data in Box using MCAS. |
| Protect your Slack environment using Microsoft Cloud App Security |
This blog walks through how to protect your Slack environment using MCAS. |
| How Cloud App Security helps protect your Slack Enterprise |
This article goes over the capabilities in MCAS that can protect the Slack Enterprise environment. |
| Protect your AWS environment using Microsoft Cloud App Security |
This blog walks through how to secure and connect your AWS instance in MCAS. |
| Connect AWS for security auditing in MCAS |
This video walks through how to connect to AWS for security auditing in MCAS. |
| Connect AWS for security configuration in MCAS |
This video walks through how to connect to AWS for security configuration in MCAS. |
| Connect AWS for laaS protection in MCAS |
This video walks through how to connect to AWS for laaS protection in MCAS. |
| How Cloud App Security helps protect your oneLogin (Preview) |
This article provides information on how MCAS protects the One Login environment. |
| How Cloud App Security helps protect your Zendesk (Preview) |
This article provides information on how MCAS protects the Zendesk environment. |
| Connect ServiceNow to Microsoft Cloud App Security |
This article steps through how to connect MCAS to your existing ServiceNow account using the application's API. |
| Protecting Storage Apps and Malware Detection |
This video shows you how MCAS can help you protect your cloud storage apps and ensure that they are not infected with malware. |
| Malware detection in MCAS |
This article explains how malware detection work in MCAS. |
 Configuring a read-only mode for external users |
This video walks you through one of the many use-cases focused on external users using Conditional Access App Control - our reverse proxy solution. |
| Block unauthorized browsers from accessing corporate web apps |
This video detailing the policy configuration required to block unauthorized browsers from accessing corporate web applications. |
| Using Admin Quarantine to investigate files |
This article is a tutorial that walks through how to use admin quarantine to protect your files. |
| Automatically apply labels to your sensitive files |
This article is a tutorial that walks through applying labels to a sensitive file. |
| Information Protection Policies |
This article walks you through how to create information protection policies in MCAS. |
| MCAS or MIP? |
This blog walks you through some of the top use cases and questions asked regarding when to use MCAS vs when to use MIP. |
| AWS with AAD and MCAS |
In this video, we walk through the architecture used to configure AWS with AAD and use MCAS to apply additional protections. |
| MCAS: How to protect AWS admins and Developers |
This blog shows you how to use MCAS to protect AWS Admins and Developers. |
| Azure Information Protection integration - How to integrate Azure information Protection with Cloud Apps Security |
This article steps through how to integrate Azure information Protection with MCAS. |
| Recommended Microsoft Cloud App Security policies for SaaS apps - Microsoft 365 Enterprise - Office 365 |
This article provides the recommended MCAS policies to use for SaaS applications. |
| MCAS Data Protection Blog Series: MCAS DLP Walk-through |
This blog walks through how to configure DLP policies using MCAS. |
 MCAS: Top 5 Queries you need to save |
This blog shares our top five custom queries to save for the five use cases. |
Module 4. Threat Detection
|
Training Title |
Description |
|
This article shows you how to create threat protection policies within your MCAS environment. |
|
| This article is designed to help you understand and navigate the enhanced investigation experience in MCAS and MDL | |
| This video provides an overview of MDI capability | |
 Microsoft Defender for Identity Ninja Training |
This blog provides information on where you learn more about Microsoft Defender for Identity |
| This interactive guide shows you the steps on how to manage threats in MCAS. | |
|
|
This video steps you through how to use the advanced hunting capability to investigate incidence using MCAS. |
Knowledge Check - MCAS Intermediate
Microsoft Cloud App Security - Advanced [Expert Level]
Module 1. Advanced Level Overview
| Training Title | Description |
| Introduction to MCAS Advanced Level Training |
This video provides a summary of what contents will be covered in the Advanced (Expert level) training. |
| Power Automate Blog Series:
Auto-Triage Infrequent Country Alerts using MCAS & Power Automate |
This blog is part of the Power Automate Blog Series. This blog walks through how to auto-triage country alerts using MCAS and Power Automate. |
| Triage Infrequent County Alerts using Power Automate and MCAS. |
This video walks through creating a new Power Automate Flow to automate the triage of infrequent Country alerts in MCAS (Threat Protection Pillar). |
| Request user validation to reduce your SOC workloads |
This video walks through how to use Power Automate Flow to request user validation for file sharing (Data Protection Pillar). |
| Request for Manager Action using Power Automate & MCAS |
In this video, we walk through how to use Power Automate Flow to request manager validation for their team. |
| Request for Manager Action : Step-by-step guidance |
This blog outlines the steps and guidance on using Power Automate Flow to request manager validation for their team. |
| Auto-disable malicious inbox rules using MCAS & Power Automate |
This video walks you through a new Power Automate Flow on how to remove malicious inbox rules detected in your cloud environment. |
Module 2. Non-Microsoft Party IdP configuration
| Training Title | Description |
| PingOne |
This article walks you through integrating PingOne with MCAS for Conditional Access App Control using Salesforce as an example. |
| ADFS |
This article walks you through integrating ADFS with MCAS for Conditional Access App Control using Salesforce as an example. |
| Okta |
This article walks you through integrating Okta with MCAS for Conditional Access App Control using Salesforce as an example. |
Module 3. Conditional Access App Control Steps for non-Microsoft SAAS applications
| Training Title | Description |
| Workplace for Facebook: Block/Apply DLP downloaded files in Workplace from Facebook with Microsoft Cloud App Security(CASB) |
This video steps through how to use Conditional Access App Control in MCAS for Workplace for Facebook. |
| Box |
This video steps through how to use Conditional Access App Control in MCAS for Box. |
| MCAS Data Protection Blog Series: Box Real-Time Protections |
This blog provides additional guidance on real-time protection for Box. |
| Slack: Block chats with sensitive data using Microsoft Cloud App Security |
This video steps through how to block chats with sensitive data using Conditional Access APP Control in MCAS. |
Module 4. SIEM integration
| Training Title | Description |
| Connect Azure Sentinel |
This video details how to connect Azure Sentinel (Microsoft's SIEM + SOAR product) to MCAS. |
| Azure Sentinel Entities Enrichment (Users) |
This video looks at how you can use the provided playbooks to enrich your impacted user profiles, and then consume it in Sentinel, ServiceNow, or Postman. |
| Microsoft CAS Infrequent Country triage with Azure Sentinel and Logic Apps |
This video walks you through the deployment of a playbook to use to triage your Azure Sentinel incidents. |
| Connect a 3rd Party SIEM |
This video details how to connect to third-party SIEM to MCAS. |
Module 5. Advanced Scenarios and Guidance
| Training Title | Description |
| Indicators of Compromise |
This video walks you through how to create custom Indicators of Compromise in MCAS. |
| MCAS and Microsoft Threat Protection |
This video guides you on how Microsoft is unifying our threat products. |
| Block Apps/Sites on iOS (Defender for Endpoint + MCAS) |
This video walks through blocking apps and sites on iOS, suing Defender for iOS, and using custom indicators of compromise from Microsoft Cloud App Security and Defender for Endpoint integration. |
| MCAS API Documentation |
This article describes how to interact with Cloud App Security over HTTPS. |
| Configuring a Log Collector behind a Proxy |
This article provides more information on configurations to ensure your log collector works when behind a proxy. |
| Automate MCAS Alerts with Power Automate |
This interactive guide walks through the steps needed to automate alert management using Power Automate |
| Microsoft Cloud App Security: The Hunt in a multi-stage incident |
This blog explains how to use Microsoft 365 Defender to address common alerts from MCAS to determine the threats' scope and impact. |
| Microsoft Cloud App Security: The Hunt for Insider Risk |
This blog outlines the use cases for using Microsoft 365 Defender to determine the "Insider Risk" alerts from MCAS. |
| Proactively hunt for threats with advanced hunting in Microsoft 365 Defender |
This article shows how to proactively hunt for threats using the Advance Hunting Tool in Microsoft 365 Defender. |
| GitHub - Microsoft/Microsoft-365-Defender-Hunting-Queries: Sample queries for Advanced hunting in Microsoft 365 Defender |
This blog provides a list of sample queries for Advance Hunting using Microsoft 365 Defender. |
Module 6. Additional Blogs and Information
| Training Title | Description |
|
|
This blog provides guidance on how to configure Azure AD Conditional Access to secure administrative access to Microsoft Cloud App Security (MCAS) and Defender for Identity (Formerly Azure ATP) |
| Limiting Inherited Roles from Azure Active Directory in MCAS |
This blog goes over a customer scenario for MCAS and the steps that can be taken to meet their requirements on limiting inherited AAD roles' accesses in MCAS. |
| ⤴ MCAS Learning Path | Check out these learning paths for MCAS |
| Lifecycle management strategy | Microsoft Docs |
This blog provides information on Cloud App Security Lifecycle Management |
Knowledge Check - MCAS Advanced
Once you've finished the training and the knowledge checks, please go to our attestation portal to generate your certificate - you'll see it in your inbox within 3 to 5 business days (Click Here).
We have a great lineup of updates for the next rendition (next quarter). If you'd like anything covered, please comment below. In addition, please reach out to us if you have any content that you would like to include as well.
We hope you all enjoy this training!
Feedback
Let us know if you have any feedback or relevant use cases/requirements for this portion of Cloud App Security by emailing, CASFeedback@microsoft.com and mention the core area of concern.
Learn More
For further information on how your organization can benefit from Microsoft Cloud App Security, connect with us at the links below:
|
Join the conversation on Tech Community. Stay up to date—subscribe to our blog. |
Upload a log file from your network firewall or enable logging via Microsoft Defender for Endpoint to discover Shadow IT in your network. |
|
Learn more—download Top 20 use cases for CASB. |
Connect your cloud apps to detect suspicious user activity and exposed sensitive data. |
|
Search documentation on Microsoft Cloud App Security. |
Enable out-of-the-box anomaly detection policies and start detecting cloud threats in your environment. |
|
Understand your licensing options . |
Continue with more advanced use cases across information protection, compliance, and more. |
|
Follow the Microsoft Cloud App Security Ninja blog and learn about Ninja Training. Go deeper with these interactive guides: · Discover and manage cloud app usage with Microsoft Cloud App Security · Protect and control information with Microsoft Cloud App Security · Detect threats and manage alerts with Microsoft Cloud App Security · Automate alerts management with Microsoft Power Automate and Cloud App Security |
|
To experience the benefits of full-featured CASB, sign up for a free trial—Microsoft Cloud App Security.
Follow us on LinkedIn as #CloudAppSecurity. To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity on Twitter, and Microsoft