Technical concepts of CASB Reverse Proxy

MicrosoftLearner 1 Reputation point
2020-06-11T07:23:51.24+00:00

Lately, I have been noticing a lot of blogs about CASB Reverse Proxy being used to route the traffic of a cloud application to improve security by parsing the traffic and applying various conditions to evaluate its risks.

I couldn't find any technical explanation related to this.

  1. How can a cloud application like Office 365 or GSuite route its traffic through a proxy server? I do not see any configuration for this in these apps.
  2. Assuming, I configure the proxy to point to a cloud application like Microsoft Teams. Whenever I access the proxy url, it proxies everything to Microsoft Teams. In my Reverse Proxy, I either get the url being accessed or the HTML content of the page being loaded. How can these be used to evaluate security risks? I couldn't find any docs in Office 365 or Gsuite regarding this.
  3. Are there any APIs provided by Office 365 for this? I also checked Microsoft Graph Security API but it looks like those APIs give data about actions already completed and not the ongoing action which is what a reverse proxy is for..

PS: I'm not looking at any specific vendor. I'm just trying to learn the technical concepts. Any answers in context of Office 365 or Gsuite is appreciated because I have only those accounts and not any other cloud application.

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,201 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. JamesTran-MSFT 36,376 Reputation points Microsoft Employee
    2020-06-11T23:35:35.253+00:00

    @MicrosoftLearner-1334

    I was able to look into your question and will provide some links below that will hopefully help.

    When it comes to a CASB specific feature, there's Microsoft Cloud App Security, which is a Cloud Access Security Broker(CASB) that supports various deployment models including log collection, API connectors, and reverse proxy. I wasn't able to find proxy specific documentation, however, you can find out more using the links below.

    Links:

    Lastly, you should be able to navigate through the Microsoft Cloud App Security Documentation using the left tile page if you need more info: 9894-doctiles.jpg

    Hopefully this helps answer questions, if after reading through the docs you have any more questions please let me know!

    Please do not forget to "Accept the answer", whenever the information provided helps you. This will help others in the community.

  2. JamesTran-MSFT 36,376 Reputation points Microsoft Employee
    2020-06-12T23:09:24.077+00:00

    @MicrosoftLearner-1334,

    Unfortunately the only public documentation that we would have regarding CASB would be the documents I linked above regarding Microsoft Cloud App Security. I was able to find additional CASB related docs for McAfee and bitglass, which I'll link below. When it comes to your questions, I was able to read through the docs I linked and will answer your questions as best I can referencing these docs.

    How they are authenticated? I'm assuming by "they" you're referring to how're user's authenticated?

    • Conditional Access App Control uses a reverse proxy architecture and integrates with your Identity Provider (IdP). Conditional Access App Control enables user app access and sessions to be monitored and controlled in real time based on access and session policies. Creating a session policy with Conditional Access App Control enables you to control user sessions by redirecting the user through a reverse proxy instead of directly to the app. From then on, user requests and responses go through Cloud App Security rather than directly to the app. You can find out more here.

    How are DLP rules applied when traffic is routed through a reverse proxy? By DLP are you referring to Data Loss Prevention?

    • If so, Access and session policies are used within the Cloud App Security portal to further refine filters and set actions to be taken on a user. With the access and session policies, you can - Prevent data exfiltration, Protect on Download, Prevent upload of unlabeled files, etc.. You can find out more here.

    Are there any APIs provided by Microsoft? - In regards to the APIs, the only CASB/Microsoft Cloud App Security APIs we have should be listed here. 10001-api.jpg

    Additional Links:

    Microsoft Cloud App Security Architecture

    Tech Community Announcement

    McAfee CASB

    bitglass architecture

    Please let us know if this reply helped resolve your question. If so, please remember to "mark as answer" so that others in the community facing similar issues can easily find a solution.