Introduction to Microsoft Cloud Application Security
Microsoft Cloud App Security is a new suite of cloud-based monitoring tools that allow organizations to get control of their data in cloud applications. It provides three core capabilities: Application Discovery, Data Control, and Threat Protection.
App Discovery investigates logs from various network appliances or tools to identify what cloud applications your users are using. The data from this tool can assist in the choice to block the application or an enterprise purchase and integrate it into Azure AD with its security features.
Data Control and Threat Protection
Cloud App Security connects to a variety of SaaS applications via APIs to pull information from the application directly. Supported applications include:
- Office 365
- Google Apps
- Service Now
Since Cloud App Security is dependent on the API to retrieve its data, the capabilities of each app are different. The list of capabilities can be found here.
Adding the applications is a simple process. Microsoft’s own Office 365 suite requires very little configuration and can be enabled with a couple of clicks. Third-party applications need a little bit of configuration to enable the API.
Once the applications are connected, Cloud App Security starts retrieving the data. Depending on the applications connected, you can see the data in the files and accounts section under the investigate tab.
Now that the connection to the applications are made and the data is visible, policies can be made to detect and enforce restrictions. Microsoft has included some out-of-the-box templates to assist with the process. If templates don’t meet your needs, you can make your own.
The policies contain detection settings, filter criteria, and a governance section to take action when the policy is triggered.
The governance section is limited to what the application or API will support but each will have it’s own governance settings.
In my experience with this product, it takes 20 – 30 minutes for detection to take place. The near real-time detection is on the road map but not available yet.
This is a great product to take control of your organization’s cloud presence. Its integration with OneDrive is a welcome addition for many organizations who have been holding back their OneDrive deployments.