Prisma SaaS - Office 365 Cloud App onboarding completed as "Monitoring," but assets are not scanned

Prisma SaaS - Office 365 Cloud App onboarding completed as "Monitoring," but assets are not scanned

8441
Created On 09/18/20 02:51 AM - Last Modified 03/01/23 17:51 PM


Symptom


  • Customers added an Office 365 Cloud App on their Prisma Saas tenant by following the admin guide.
  • Onboarding seems to be completed as "Monitoring. is displayed.
  • Even though "Fix Office 365 Onboarding Issues" is checked and the above guide is followed their Assets on Office 365 are not scanned.
  • Re-Onbording also does not work to fix this situation.
monitoring but no assets

 

Environment


  • Prisma SaaS
  • Onboarding Office 365 cloud App

Cause


  • An short access token timer setting on Azure side may causes this situation.
  • According to a Microsoft documentation of Configurable Token Lifetimes, the default access token policy is to expire the access tokens in 1 hour. 
  • When this timer setting has a short value such as 15 minutes, the assets scan may fail.

Resolution


  1. Check the access token timer setting with Azure admins and change the setting for a longer time such as the default value of 1 hour.
  2. In this example, changing this time on Azure side to default 1 hour resolved the issue, Assets on Office 365 are scanned as expected.
User-added image

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HAm1CAG&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language