As I have said previously, I believe Microsoft Cloud App Security is a must have for every tenant:
A great security add on for Microsoft 365
You can also manipulate it via an API and PowerShell. Most of this manipulation is currently mainly to read not set information but that is still handy. Here’s how to set that up.
You’ll firstly need to go to the Microsoft Cloud App Security console and select the COG in the upper right corner of the screen. From the menu that appears, select Security Extensions as shown.
The option for API tokens should be selected, if not select this. Now select the + button in the top right to generate a new token.
Enter a name for this new token and select the Generate button.
Your API token should be generated as shown. Copy both the token and the URL and select the Close button. Note, you’ll need to take a copy of you token here as it won’t be available once you move forward.
You should now see the token listed in the Microsoft Cloud App Security portal as shown above.
This token can now be utilised to access Microsoft Cloud App Security via PowerShell. I have created a basic script for you to use here:
https://github.com/directorcia/Office365/blob/master/o365-mcas-api.ps1
that will basically return all of the data current in there.
You’ll then need enter the values from this configuration into the script prior to running it:
but in essence what that script does is take the token and uri and apply to the invoke-rest method to get a response. That return response contains a whole range of data from Microsoft Cloud App Security.
To see what you can and can’t do with the API visit the Microsoft Cloud App Security portal again and select the Question mark in the upper right this time. Select API documentation from the menu that appears.
In there you’ll find a range of information about the API.
As I said, most of the available command current just “get” information. Hopefully, commands that “set” information aren’t too far away.
CIAOPS 