Known Issues

Email Messages with "Do Not Forward" Flag Not Scanned

If a user composing an email chooses the Do not forward option from Options > Permission, Cloud App Security cannot scan email message contents.

Cloud App Security Failed to Scan any Files and Email Messages in Office 365 Services

Microsoft provides an option for administrators to choose whether to disable Basic authentication requests and allow only modern authentication to access Exchange Online and SharePoint Online/OneDrive for Business, in the purpose of helping protect customers' Office 365 from brute force or password spray attacks. Because Cloud App Security uses Basic authentication, that is, combination of a username and a password, to access customers' Office 365 services, if the administrator enables Basic authentication in provisioning but disables it after that, Cloud App Security will not be able to pass the access control on the Office 365 side and scanning will fail.

To ensure proper scanning by Cloud App Security, make sure to always enable Basic authentication as follows:

  • For Exchange Online: Connect to Exchange Online PowerShell and run this command Set-OrganizationConfig -OAuth2ClientProfileEnabled $true to enable modern authentication.

  • For SharePoint Online/OneDrive for Business: Click Allow under Control access from apps that don't use modern authentication from Admin > Admin centers > SharePoint > access control on the Microsoft Office 365 Admin Center page.

This issue does not affect Box, Dropbox and Google Drive.

Cloud App Security Failed to Protect Microsoft Office 365 Services if MFA is enabled on Delegate Accounts

After the Exchange Online and SharePoint Online Delegate Accounts are created through either automatic or manual provisioning, if MFA is enabled on these accounts, Cloud App Security will fail to apply policies to email messages and files because it cannot pass the access control on the Office 365 service side. To ensure successful policy enforcement, do not enable MFA on the Exchange Online and SharePoint Online Delegate Accounts.

Newly Added Users Not Immediately Appearing on the Exchange Policy Configuration Page

After registering Cloud App Security, newly added users will not immediately appear on the Exchange policy configuration page. Click Click here if you do not see new users when you create/update the Exchange Online policy. The page automatically updates after Cloud App Security synchronizes with Active Directory once per day.

Newly Added SharePoint Site Not Appearing Immediately on the SharePoint Policy Configuration Page

After registering Cloud App Security, newly added SharePoint sites will not immediately appear on the SharePoint policy configuration page. Click Click here if you do not see new sites when you create/update the SharePoint Online policy. The page automatically updates after Cloud App Security synchronizes with SharePoint Online once per day.

Newly Added OneDrive, Box, Dropbox or Google Drive Users Not Appearing Immediately on the OneDrive, Box, Dropbox or Google Drive Policy Configuration Page

After registering Cloud App Security, newly added OneDrive for Business, Box, Dropbox or Google Drive users will not immediately appear on the OneDrive, Box, Dropbox or Google Drive policy configuration page. Click Click here if you do not see new OneDrive for Business, Box, Dropbox or Google Drive users when you create or update the OneDrive for Business, Box, Dropbox or Google Drive policy. The page automatically updates after Cloud App Security synchronizes with OneDrive for Business, Box, Dropbox or Google Drive once per day.