Enable Microsoft Cloud App Security Integration with Azure Security Center

Risk level: Medium (should be achieved)
Rule ID: SecurityCenter-031

Ensure that Microsoft Cloud App Security (MCAS) integration with Azure Security Center (ASC) is enabled in order to allow the MCAS service to access your data and provide recommendations for missing configuration and security controls.

This rule resolution is part of the Conformity Security & Compliance tool for Azure.

Security

To enable Azure Security Center to integrate with other Azure services such as MCAS, you must allow those services to access your data. Microsoft Cloud App Security (MCAS) provides you with security configuration assessments for your Azure cloud subscriptions. The assessments, powered by Azure Security Center (ASC), provide recommendations for missing configuration and security controls. To benefit from the Microsoft Cloud App Security integration with Azure Security Center, your Azure subscription must have a Cloud App Security license (MCAS works only with Standard Tier subscriptions).


Audit

To determine if the Microsoft Cloud App Security (MCAS) service is allowed to access your data, perform the following operations:

Using Azure Portal

01 Sign in to the Azure Management Console.

02 Navigate to Azure Security Center blade at https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/.

03 In the blade navigation panel, under Management, choose Pricing & Settings.

04 On the Pricing & Settings page, click on the name of the Azure subscription that you want to examine, to access the Azure Security Center pricing and settings.

05 In the left navigation panel, under Settings, choose Integrations to access the integration settings of Azure Security Center with other Microsoft services.

06 Under Enable integrations, check the Allow Microsoft Cloud App Security to access my data setting status. If the Allow Microsoft Cloud App Security to access my data setting is disabled (i.e. the setting checkbox is not selected), the Microsoft Cloud App Security (MCAS) integration with Azure Security Center is not enabled in the selected subscription.

07 Repeat steps no. 4 – 6 for each Microsoft Azure subscription available within your cloud account.

Using Azure CLI

01 Run the az account get-access-token command (Windows/macOS/Linux) with custom query filters to describe the configuration status of the Microsoft Cloud App Security – Azure Security Center integration in the current subscription:

# $0 = subscription ID, $1 = access token (the two TSV fields returned by az)
az account get-access-token \
  --query "{subscription:subscription,accessToken:accessToken}" \
  --out tsv | xargs -L1 bash -c 'curl -X GET -H "Authorization: Bearer $1" -H "Content-Type: application/json" "https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/settings?api-version=2019-01-01"' | jq '.value[] | select(.name=="MCAS")' | jq '.properties.enabled'

02 The command output should return the status of the requested service integration (true for enabled, false for disabled):

"false"

If the account get-access-token command output returns false, as shown in the example above, the Microsoft Cloud App Security (MCAS) integration with Azure Security Center is not enabled within the current subscription.

03 Repeat steps no. 1 and 2 for each Microsoft Azure subscription available in your cloud account.
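
The audit check above, applied across several subscriptions at once, as an added example (not part of the original rule page and not Conformity's own code). It also reports the two cases the jq filter does not distinguish: a response with no MCAS entry and an error response. The function names, the placeholder subscription IDs and the sample responses are constructed for illustration; the error body assumes the usual Azure Resource Manager {"error": {...}} shape.

```python
import json
import subprocess

URL = ("https://management.azure.com/subscriptions/{sub}"
       "/providers/Microsoft.Security/settings?api-version=2019-01-01")

def fetch_settings(sub_id):
    """Live path (needs a logged-in Azure CLI): same GET as the curl call, via `az rest`."""
    cmd = ["az", "rest", "--method", "get", "--url", URL.format(sub=sub_id)]
    return json.loads(subprocess.run(cmd, capture_output=True, text=True, check=True).stdout)

def mcas_status(response):
    """Classify one settings-list response as enabled, disabled, missing or error."""
    if "error" in response:
        return "error"                      # e.g. the token has no access to the subscription
    for setting in response.get("value", []):
        if setting.get("name") == "MCAS":
            enabled = setting.get("properties", {}).get("enabled")
            return "enabled" if enabled is True else "disabled"
    return "missing"                        # no MCAS entry: the jq filter prints nothing here

def audit(responses):
    """Return {subscription_id: status} for every subscription that fails the rule."""
    findings = {}
    for sub_id, response in responses.items():
        status = mcas_status(response)
        if status != "enabled":
            findings[sub_id] = status
    return findings

# Constructed sample responses keyed by placeholder subscription IDs (not real data).
SAMPLE = {
    "00000000-0000-0000-0000-000000000001": {"value": [
        {"name": "MCAS", "kind": "DataExportSettings", "properties": {"enabled": True}}]},
    "00000000-0000-0000-0000-000000000002": {"value": [
        {"name": "MCAS", "kind": "DataExportSettings", "properties": {"enabled": False}}]},
    "00000000-0000-0000-0000-000000000003": {"value": []},
    "00000000-0000-0000-0000-000000000004": {"error": {"code": "AuthorizationFailed"}},
}

if __name__ == "__main__":
    for sub_id, status in audit(SAMPLE).items():
        print(f"{sub_id}: MCAS integration {status}")
```

For a live run, build the input with {sub: fetch_settings(sub) for sub in subscription_ids} and pass it to audit().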

Remediation / Resolution

To enable the Microsoft Cloud App Security – Azure Security Center integration, perform the following operations:

Using Azure Portal

01 Sign in to the Azure Management Console.

02 Navigate to Azure Security Center blade at https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/.

03 In the blade navigation panel, under Management, choose Pricing & Settings.

04 On the Pricing & Settings page, click on the name of the Azure subscription that you want to access.

05 In the left navigation panel, under Settings, choose Integrations to access the integration settings available for Azure Security Center with other Microsoft services.

06 Under Enable integrations, select the Allow Microsoft Cloud App Security to access my data checkbox to enable the Microsoft Cloud App Security – Azure Security Center integration by allowing Microsoft Cloud App Security (MCAS) to access your data. Choose Save to apply the changes.

07 Repeat steps no. 4 – 6 for each Microsoft Azure subscription available within your cloud account.

Using Azure CLI

01 Define the specifications required for the account get-access-token command. Set "properties" to "enabled": true in order to allow Microsoft Cloud App Security (MCAS) to access your data. Replace the highlighted information, i.e. <azure-subscription-id>, with your own Azure subscription ID and save the content to a JSON file named enable-mcas-security-center-integration.json:

{
  "id": "/subscriptions/<azure-subscription-id>/providers/Microsoft.Security/settings/MCAS",
  "kind": "DataExportSettings",
  "type": "Microsoft.Security/settings",
  "properties": {
    "enabled": true
  }
}

02 Run the az account get-access-token command (Windows/macOS/Linux) using the specifications defined at the previous step (i.e. enable-mcas-security-center-integration.json configuration file) to enable the Microsoft Cloud App Security – Azure Security Center integration by allowing Microsoft Cloud App Security (MCAS) to access your data:

# $0 = subscription ID, $1 = access token (the two TSV fields returned by az)
az account get-access-token \
  --query "{subscription:subscription,accessToken:accessToken}" \
  --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" "https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/settings/MCAS?api-version=2019-01-01" -d @enable-mcas-security-center-integration.json'

03 The output should return the account get-access-token command request metadata:

{
  "id": "/subscriptions/<azure-subscription-id>/providers/Microsoft.Security/settings/MCAS",
  "name": "MCAS",
  "type": "Microsoft.Security/settings",
  "kind": "DataExportSettings",
  "properties": {
    "enabled": true
  }
}

04 Repeat steps no. 1 – 3 for each Microsoft Azure subscription available in your cloud account.

Publication date Sep 19, 2021
