I’m trying to integrate Zscaler with our MS Defender for Cloud App environment to synchronize the unsanctioned apps and get logs from Zscaler to Defender for Cloud. I’ve followed @NathC’s great topic here:
[Guide] Integrate Zscaler with Microsoft Cloud App Security (MCAS)
And also Zscaler’s official resources:
Integrating with Microsoft Cloud App Security
The status is the following:
- NSS Server in our Azure environment OK
- The connection from the NSS to Zscaler is OK
- The connection from NSS to MCAS is OK
I’ve generated a token from the MCAS portal using my Security Administrator rights. I can validate this token on Zscaler - Partners integration page and the unsanctioned App synchronization works fine.
The problem is that the integration fails after some time. I strongly suspect that the problem comes from the fact that the token is generated by my account, which doesn’t have a 24X7 Security Administrator right → we use Privileged Identity Management. I’ve raised this assumption with Zscaler support and am waiting for an answer.
In the official Zscaler documentation, it is not explicitly explained where to get the token, but Zscaler refers to these pages, Managing API tokens, to create an application context access app. This makes sense because the access won’t rely on my user context anymore but on an application.
I’ve then created the application, assigned the appropriate permission, and generated the token via PowerShell using this Microsoft resource:
Create an app to access Microsoft Defender for Cloud Apps without a user
The token I create looks valid in JWT, as I get the expected output in the MS screenshots. However, this token doesn’t work on Zscaler “Partner Integration”, which makes me think that the MCAS Portal Security Extension is where I would need to generate the token.
My questions are the following:
- Has anyone led a successful Zscaler - MCAS integration? If yes, how was the token generated?
- Is the generated token the same one used in the Zscaler Portal AND in the NSS Server to send logs to MCAS?
Thanks for any feedback!