Microsoft Cloud App Security: Everything you need to know

The last decade has seen a big push toward cloud-based applications and storage. Moving to the cloud offers a ton of flexibility and scalability, but it also comes with unique challenges, especially in terms of security, because cloud services are accessed through the Internet. So, does this mean you must consider going back to on-prem applications? Not exactly, because the benefits of cloud technologies are too big to miss. A better solution is to strike a balance between the cloud’s benefits and its security by leveraging technologies, tools, and streamlined security strategies. One such tool is Microsoft Cloud App Security (MCAS), a cloud access security broker (CASB) that comes with many features to protect your data, control access, and combat cyberthreats.


What is Microsoft Cloud App Security?

Essentially, Microsoft Cloud App Security works as a monitoring tool, a firewall, and an authenticator tool that protects your data and applications at all times.

Let’s break this down a bit.

MCAS is a monitoring tool that:

  • Provides visibility into the access of apps and data.
  • Monitors users’ activities.
  • Classifies and protects sensitive information.
  • Ensures compliance.

Here are some things you can do with this service:

  • Control app and data usage.
  • Detect anomalies in user behavior.
  • Share confidential data with a limited set of users.
  • Impose access rules.
  • Integrate with cloud service APIs such as AWS, Azure, Dropbox, and more.

Which of these you can do depends on the MCAS edition you choose.

MCAS subsets/editions


MCAS comes in three subsets: Office 365 Cloud App Security, Azure Active Directory Cloud App, and Cloud App Discovery. If you don’t need the entire MCAS, or if you’re on a budget, choose one of these subsets to get just the specific functionality you need.

Office 365 Cloud App Security

As the name suggests, this subset provides visibility and control over the Microsoft 365 suite using the existing data loss prevention (DLP) policy. You can do the following in this edition:

  • Detect threats based on user activity logs.
  • Look for shadow apps that are similar to Office 365 in functionality.
  • Control permissions to Office 365.
  • Apply access controls to different Office 365 apps.
  • Set manual and automatic alert remediation.
  • Integrate with Microsoft Intelligent Security Graph.
  • Implement activity policies.

Azure Active Directory Cloud App

This edition provides visibility into the use of cloud apps, and you can exercise control through Azure Active Directory. Here are some things you can do with this subset:

  • Work with 16,000+ apps.
  • Upload logs manually or automatically.
  • Assess the risk of cloud apps.
  • View analytics based on the app, user, and IP address.
  • Get detailed reports and analytics.

This feature comes as a part of the Azure Active Directory Premium P1 and entails no additional cost.

Cloud App Discovery

Cloud App Discovery analyzes your traffic logs and ranks the apps found in them based on 80 risk factors to give you in-depth information about the apps used, shadow IT infrastructure, and the associated risks.

Below are a few things you can do with this subset.

  • Generate snapshot reports to get ad-hoc visibility on the traffic logs.
  • Analyze all the logs continuously.
  • Gain thorough visibility into app use, so you can quickly identify anomalous data or behavior.
  • Create custom policies to enhance security.
  • Use the API to automate log uploads.

Depending on what you want, you can pick one of these three editions or choose the complete Microsoft Cloud App Security to get all of it.

Moving on, let’s see how MCAS performs these tasks.

Microsoft Cloud App Security: Working with a world of apps

MCAS is designed to work well with more than 16,000 apps, and when you use one or more of the apps in its list, MCAS monitors the usage, who accesses it, how long it’s used, and other pertinent information. In fact, it even looks for these apps in proxy server logs, so you get a detailed view of their usage.

But that’s not all, and this is where it gets interesting!

For each of the 16,000 apps, you can do a risk assessment, identify which parts of the app’s services can be accessed and who can access them, and even block some users from accessing specific apps. You also have the option to use Azure Active Directory for single sign-on.

The interface is also intuitive and requires no complicated steps. For example, to do a risk assessment, you start by uploading all the log files to the portal. MCAS then parses the data, analyzes it, and gives a risk score for each app, provided the app is one of the 16,000 apps that Microsoft Cloud App Security handles. Further, it lists the active users of these apps and their IP addresses, and finally, it generates a report with all this information, so you can better understand and control their use.
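To make the parse, score, and report steps above concrete, here is an added example (not Microsoft's code and not part of the original article) that builds a small discovery report from proxy log lines. The catalog, its scores (assumed 0 to 10, higher meaning lower risk), the log format, and all function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed catalog (assumption): domain suffix -> (app name, score 0-10, higher = lower risk)
CATALOG = {
    "dropbox.com": ("Dropbox", 8),
    "quickshare.example": ("QuickShare", 3),
}

# Constructed proxy log: timestamp user src_ip dest_host bytes_uploaded
SAMPLE_LOG = """\
2021-03-01T09:00:01Z alice 10.0.0.5 www.dropbox.com 1200
2021-03-01T09:02:10Z bob 10.0.0.7 up.quickshare.example 50000
2021-03-01T09:03:44Z alice 10.0.0.5 up.quickshare.example 700
2021-03-01T09:05:00Z carol 10.0.0.9 wiki.internal-app.example 300
malformed line
2021-03-01T09:06:30Z bob 10.0.0.8 dropbox.com 400
"""

def match_app(host, catalog):
    """Return (name, score) for the longest catalog suffix matching host, else None."""
    host = host.lower().rstrip(".")
    hits = [d for d in catalog if host == d or host.endswith("." + d)]
    return catalog[max(hits, key=len)] if hits else None

def discover(log_text, catalog):
    """Aggregate users, IPs and upload volume per catalogued app; collect unknown hosts."""
    apps = defaultdict(lambda: {"score": None, "users": set(), "ips": set(), "bytes": 0})
    unknown, skipped = set(), 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            skipped += 1  # count unparsable lines so gaps in coverage stay visible
            continue
        _, user, ip, host, nbytes = parts
        hit = match_app(host, catalog)
        if hit is None:
            unknown.add(host.lower())  # candidate custom app, not in the catalog
            continue
        entry = apps[hit[0]]
        entry["score"] = hit[1]
        entry["users"].add(user)
        entry["ips"].add(ip)
        entry["bytes"] += int(nbytes)
    return dict(apps), unknown, skipped

def risky_apps(apps, max_score=5):
    """Names of apps at or below max_score, largest upload volume first."""
    low = [n for n, e in apps.items() if e["score"] <= max_score]
    return sorted(low, key=lambda n: -apps[n]["bytes"])
```

Hosts that match nothing in the catalog are returned separately rather than dropped, since those are the candidates for custom-app review.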

You can also use log collectors to automatically upload your log data to the portal over Syslog or FTP.

Likewise, the reports can be snapshot reports that provide ad-hoc visibility or continuous reports that use machine learning algorithms to analyze patterns based on your policies. You can also integrate it with Zscaler, iBoss, Corrata, and Menlo Security for more streamlined access.

Extended functionality

Microsoft Cloud App Security offers additional features, especially when you integrate it with other Microsoft services. Here’s a look at some of its extended functionality.

Integration with Azure Active Directory


One of the benefits of Microsoft Cloud App Security is its integration with Azure Active Directory. Besides single sign-on, the cloud discovery feature replaces the username in log files with the corresponding full name from Azure Active Directory.

This matching and replacement make it easy to investigate any shadow IT usage by specific users and manage control and access through the Azure AD user groups.

User privacy

We have repeatedly seen hackers steal usernames, passwords, and other PII from the Internet and cloud-based apps. To prevent this, the data anonymization feature encrypts all usernames in logs using AES-128 with a dedicated key, so they are of no value even if the logs fall into the wrong hands.

When required, the admins can decrypt the usernames to get the names of the users.

Custom apps

What happens if your organization has a custom cloud app that’s not included in MCAS’s catalog of 16,000 apps?

Well, you can discover custom cloud apps used within your organization and extend the functionality of MCAS to those as well. When you do that, Microsoft Cloud App Security parses the custom apps’ logs, analyzes them, and gives visibility into their usage patterns.


It can quickly get overwhelming to search through tons of data in your apps and log files. That’s why MCAS offers basic and advanced app filters where you can search or sort based on a host of parameters such as categories, compliance risk factors, score, usage, domains, apps, and more.

Connect to more apps

To extend the functionality of MCAS, you can integrate it with the APIs of app providers such as Azure, AWS, Box, Dropbox, GitHub, Google Workspace, Salesforce, Webex, ServiceNow, and more. All communication with these APIs is done using HTTPS, and multiple instances of the same apps are supported.

Microsoft Cloud App Security is a convenient way to protect your cloud apps and data, and at the same time, gives extensive visibility into their access and usage. You can also extend its functionality by integrating with popular cloud services and custom apps to get more out of it.

Have you tried this service? What are your thoughts on it?
