The azure-native:securityinsights:MCASDataConnector resource, part of the Pulumi Azure Native provider, registers a Microsoft Cloud App Security data connector within a Sentinel workspace. This guide focuses on one capability: connecting MCAS to Sentinel for threat detection.
MCAS data connectors require an existing Sentinel workspace, resource group, and active MCAS license. The example is intentionally minimal. Extend it with data type configuration and tenant ID specification for production deployments.
Connect Microsoft Cloud App Security to Sentinel
Security teams integrate MCAS with Sentinel to centralize cloud application threat detection and investigation workflows.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const mcasDataConnector = new azure_native.securityinsights.MCASDataConnector("mcasDataConnector", {
dataConnectorId: "c345bf40-8509-4ed2-b947-50cb773aaf04",
resourceGroupName: "myRg",
workspaceName: "myWorkspace",
});
import pulumi
import pulumi_azure_native as azure_native
mcas_data_connector = azure_native.securityinsights.MCASDataConnector("mcasDataConnector",
data_connector_id="c345bf40-8509-4ed2-b947-50cb773aaf04",
resource_group_name="myRg",
workspace_name="myWorkspace")
package main
import (
securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityinsights.NewMCASDataConnector(ctx, "mcasDataConnector", &securityinsights.MCASDataConnectorArgs{
DataConnectorId: pulumi.String("c345bf40-8509-4ed2-b947-50cb773aaf04"),
ResourceGroupName: pulumi.String("myRg"),
WorkspaceName: pulumi.String("myWorkspace"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var mcasDataConnector = new AzureNative.SecurityInsights.MCASDataConnector("mcasDataConnector", new()
{
DataConnectorId = "c345bf40-8509-4ed2-b947-50cb773aaf04",
ResourceGroupName = "myRg",
WorkspaceName = "myWorkspace",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.MCASDataConnector;
import com.pulumi.azurenative.securityinsights.MCASDataConnectorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var mcasDataConnector = new MCASDataConnector("mcasDataConnector", MCASDataConnectorArgs.builder()
.dataConnectorId("c345bf40-8509-4ed2-b947-50cb773aaf04")
.resourceGroupName("myRg")
.workspaceName("myWorkspace")
.build());
}
}
resources:
mcasDataConnector:
type: azure-native:securityinsights:MCASDataConnector
properties:
dataConnectorId: c345bf40-8509-4ed2-b947-50cb773aaf04
resourceGroupName: myRg
workspaceName: myWorkspace
The connector streams MCAS alerts and discovery logs into your Sentinel workspace. The dataConnectorId uniquely identifies this connector instance, while resourceGroupName and workspaceName specify where the connector lives. Once registered, MCAS data flows automatically into Sentinel’s analytics and investigation tools.
Beyond these examples
This snippet focuses on MCAS data connector registration. It’s intentionally minimal rather than a full security integration.
The example references pre-existing infrastructure such as Sentinel workspace and resource group, and Microsoft Cloud App Security subscription. It focuses on connector registration rather than provisioning the surrounding security infrastructure.
To keep things focused, common connector patterns are omitted, including:
- Data type selection (alerts vs discovery logs)
- Tenant ID specification for multi-tenant scenarios
- Connector state management and monitoring
- Data retention and filtering configuration
These omissions are intentional: the goal is to illustrate how the MCAS connector is wired, not provide a drop-in security module. See the MCAS Data Connector resource reference for all available configuration options.
Let's configure Azure Microsoft Cloud App Security Data Connectors
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Configuration & Setup
dataTypes (object), kind (must be ‘MicrosoftCloudAppSecurity’), tenantId, dataConnectorId, resourceGroupName, and workspaceName.kind property must be set to ‘MicrosoftCloudAppSecurity’.Immutability & Lifecycle
dataConnectorId, resourceGroupName, and workspaceName. Changing any of these requires replacing the resource./subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}