What is Microsoft Cloud App Security? Is it Any Good?

Now that SaaS applications form the backbone of daily operations for many businesses, keeping them secure is more important than ever.

The problem is that most organizations don’t even know all of the cloud apps their employees are using. Some of these applications are fairly risky, from a cyber threat standpoint, and others are simply not compliant with the regulations your company needs to observe.

Microsoft Cloud App Security is a well built solution to these problems. It collects and reports on all of the critical information IT administrators need in order to keep a company’s cloud assets secure from external attacks, and shielded from internal accidents.

Discover and manage shadow IT, suspicious behavior, threats to compliance, and protect sensitive information in the cloud, all from a single dashboard.

Overview of Microsoft Cloud App Security

Microsoft Cloud App Security is a cloud access security broker (CASB) that works well with many leading services, such as AWS, Dropbox, G Suite, Google Cloud, Salesforce, and so on.

As a CASB, Microsoft Cloud App Security acts as an added layer of security for all of the SaaS applications your company uses to do business.

Conventional security suites that weren’t built with cloud applications in mind, can leave blindspots in an IT administrator’s field of view. Microsoft Cloud App Security collects detailed information about all the SaaS apps in use across the entire organization, and aggregates it in a single console.

From there, admins can monitor and remediate unusual activity, block risky SaaS apps, and configure policies on a granular level.

The increased visibility and stronger control allow organizations to feel secure in moving more information to the cloud, because they know it is always available, compliant, and protected.

From the intuitive dashboard, you can see up-to-date information about every cloud application, IP address, DLP alerts, and more.

At a glance, you can understand the most pressing issues. Microsoft Cloud App Security automatically distills its findings into a clear set of well-defined security concerns. These include risky SaaS apps that have been discovered, infected files, suspicious user activity, and so on.

Suspicious user activity, for example, is brought to your attention by an investigation priority score that’s based on anomaly, behavioral analytics (UEBA), and rule-based activity detections.

With a few clicks, you can drill down into the details, figure out what’s wrong, and begin remediating the problem immediately.

There are a large and growing number of use cases, but broadly speaking, the Microsoft Cloud App Security helps IT administrators keep cloud assets in four key ways.

1. Mitigating shadow IT risk

According to Microsoft, some 80% of employees use apps that may not be compliant with security, legal, and regulatory standards. With people accessing sensitive resources from coffee shops, hotel PCs, and home networks, firewall rules and policies aren’t enough.

Microsoft Cloud App Security lets you discover every app on your network and quickly investigate usage patterns. It will deliver an automatic risk assessment of more than 16,000 apps based on 80 risk factors.

Sanction, unsanction, or block apps depending on their risk level. Customize a splash screen that greets users who try to access risky apps and provides them with an option that is better suited for your organization’s security.

2. Detecting and remediate cybersecurity threats

Microsoft Cloud App Security combines multiple detection methods in order to surface critical information about how employees are using cloud applications. You can enable anomaly detection policies to get alerts based on potential security concerns, such as:

  • Activity from an country that is unconnected to users in the organization
  • Activity from suspicious IP addresses
  • Impossible travel
  • Malware
  • Ransomware
  • Suspicious inbox forwarding
  • Suspicious administrator activities
  • Unusual multiple file download activities

Once you resolve these issues, you can establish automated processes and rules to address similar situations in the future.

3. Enforcing compliance

Once you discover or connect apps with Microsoft Cloud App Security, you can cross-check whether or not they are compliant with specific regulations, like HIPAA or GDPR. Configure policies from the dashboard to ensure that people are using compliant apps in safe ways.

You can also use Conditional Access App Control, in order to force cloud data to be encrypted, block downloads to avoid data leaks, and monitor activity on unmanaged devices.

4. Securing sensitive information

Microsoft Cloud App Security makes it easy to discover, classify, and protect sensitive information employees share and store on the cloud. Microsoft Data Classification Service is natively integrated, which can help you create a strong data leak prevention policy with limited configuration.

How Does Microsoft Cloud App Security Work?

Microsoft Cloud App Security has multiple deployment modes you can use to integrate it within your existing architecture:

  • Log collection from firewalls, secure web gateways, and SIEMs
  • API connectors provided by the cloud provider
  • Reverse Proxy architectures integrated with Azure AD or your IdP

Here’s a visualization from Microsoft that helps explain the role of each deployment mode plays in creating a complete picture of security events in the cloud:

Regardless of whether users are on the network, Microsoft Cloud App Security is able to identify all of the cloud apps and services used across your organization. All relevant data is captured, on managed or unmanaged devices.

Any questionable activity is automatically prioritized for individual users, web apps, and separate instances of the same API connected apps.

If you deploy Cloud App Security within a Microsoft environment, it integrates with other security products, like Microsoft Defender Advanced Threat Protection, Azure Sentinel, Azure Active Directory, Microsoft Intune, and so on.

The native integration simplifies deployment, management, and automation, but Microsoft Cloud App Security works well with non-Microsoft services, such as AWS and Google Cloud, and supports firewalls and proxies from vendors like Cisco, Juniper, Sophos, and Zscaler.

Microsoft Cloud App Security Pricing

You can purchase Microsoft Cloud App Security as a standalone product, or part of certain Microsoft 365 Enterprise subscriptions.

Some plans come with Cloud App Security Discovery, which is a subset of Microsoft Cloud App Security, and doesn’t have as many features and capabilities.

Here’s a breakdown of the differences between the two products, and a chart that shows which Enterprise subscriptions include each version:

For volume licensing, there are additional ways organizations can use Microsoft Cloud App Security, such as Microsoft 365 E5 Compliance and certain Microsoft 365 plans for education and government.

See the Microsoft Cloud App Security Licensing Datasheet for complete information about how to acquire the service.

How good is Microsoft Cloud App Security?

Much of what Microsoft Cloud App Security does can be accomplished by other software, but you would need to unite a number of different programs to give yourself the same level of cloud protection.

Cobbling together a bespoke solution of security products can leave gaps in your defenses, and probably won’t offer the same level of controls over policies or user activities.

Microsoft Cloud App Security, on the other hand, links with other powerful tools in order to offer seamless protection across your entire cloud environment.

The depth of Microsoft Cloud App Security is a blessing for those who know how to configure it to their specific architecture and needs.

This will take time, and administrators will have to familiarize themselves with how/why alerts are tripped to ensure that harmless events don’t draw unwanted attention.

As amazing as the features and capabilities are, Microsoft Cloud App Security works only as well as you enable it. After all, this is a service that works for massive businesses with entirely different compliance and security concerns. Ultimately, it’s the user’s responsibility to make sure that Microsoft Cloud App Security has been optimized for the company’s specific situation.

So long as you have budgeted in the resources to support your training, deployment, and management of the new service, there are seldom cloud security issues that Microsoft Cloud App Security can’t address.

Who should get Microsoft Cloud App Security?

If you are working in an enterprise Microsoft environment, the service ties in with everything you have up and running already. Plus, your IT team is already familiar with how Microsoft builds their programs and organizes the options at your disposal.

All of this makes Microsoft Cloud App Security a very attractive option for organizations that are looking to get a more nuanced picture and control over their cloud environment. The added cost of Cloud App Security will be incremental, unless you are already on an Microsoft 365 Enterprise E5 plan, in which case you simply have to enable the service.

For those who are not already heavily invested in a Microsoft environment, there are other phenomenal CASB software vendors with products that may better fit your needs. Forcepoint and Broadcom (formerly Symmantec) offer two of the most popular competing CASB solutions on the market.

With the growing reliance on Saas, PaaS, and IaaS solutions, companies would do well to invest in CASB software that tightens up their cloud security.

These days, your employees enjoy the ability to work on anything from anywhere. Should that level of access fall into the wrong hands, the results can be catastrophic.

Incredible companies use Nira

Every company that uses Google Workspace should be using Nira.
Bryan Wise
Bryan Wise,
Former VP of IT at GitLab

Incredible companies use Nira