A uniquely integrated CASB

Microsoft Cloud App Security is a uniquely integrated Cloud Access Security Broker (CASB) powered by native integrations with industry-leading security and identity solutions including Azure Active Directory, Intune, and Azure Information Protection control how your data is consumed, no matter where by having Could apps Shadow IT Discovery and Management, SaaS platforms such as O365 full visibility and policy enforcement, IaaS platforms such as Azure and AWS visibility, Online storage such as OneDrive and Dropbox visibility and policy enforcement, Cloud Data Loss Prevention (DLP), Threat Protection and Compliance Assessment.

Shadow IT Discovery

On average more than 1,100 cloud applications are used by enterprises today, of which 61% are not sanctioned by IT. This results in duplicate capabilities, apps not meeting compliance standards or posing a security risk to the organization without any IT oversight. Discovery identifies current cloud apps, provides risk assessments and ongoing analytics and lifecycle management capabilities to control the use.


  • Discover, Identify and manage the cloud apps (SaaS apps) used by your organization in and beyond the corporate network
  • Assess risk and business readiness of your apps against >70 risk factors including regulatory and industry standards
  • Get granular details about the usage of each discovered cloud app in your organization and dive deep into app categories, IP addresses, users and machines
  • Get notified when new risky or high-volume apps are discovered so you can evaluate and govern their usage
  • Govern discovered apps by sanctioning, onboarding them to Azure AD or blocking them on your network
  • Generate executive reporting and High-level overview of key findings and recommendations on how to improve visibility into, and control over, Shadow IT in your organization
  • Protect sensitive data when it is uploaded to the cloud or shared in and outside of your organization

Seamless integrations to enhance and customize Discovery

  • Leading SWG providers: Secure Web Gateway integrations allow inline app Discovery and the enforcement of governance actions
  • Azure Active Directory: Easily on-board discovered apps to Azure Active Directory (AAD) to enable managed authentication and SSO
  • Windows Defender ATP: The agent extends Discovery beyond your organization’s network and enables machine-based Discovery regardless of the access point

Threat Protection

Protect against cyber threats and anomalies! Moving to the cloud presents a new threat vector for organizations. Attacks can introduce ransomware, compromised user accounts, perform malicious activities, and over-privileged O-auth apps can gain access to sensitive data or privileged accounts. Accelerate the safe adoption of cloud apps and limit the impact to your organization by leveraging sophisticated behavioural analytics, built-in detection and automatic remediation capabilities, informed by one of the industry’s largest set of threat signals.

  • Detect unusual behaviour across your cloud apps to identify ransomware, compromised users or rogue applications, analyse high-risk usage and re-mediate automatically to limit the risk to your organization
  • Detect insider threats and compromised accounts with sophisticated end user behavioural analytics (UEBA)
  • Identify and mitigate malware activities, including ransomware and other advanced cyber-attacks
  • Be alerted when rouge applications or over-privileged O-auth apps access your data and configure automatic remediation

Advanced Threat Intelligence - enabling sophisticated detections

  • Intelligent Security Graph: A platform powering Microsoft security products and services by using advanced analytics to link threat intelligence and security signals. Microsoft operates global services at a massive scale with billions of security signals that MCAS leverages to power its Threat Detection.
  • Secure Score: Visibility into your Microsoft security position and provides an overview of which security features are available to reduce risk. MCAS feeds into the overall scoring and helps you protect your environment of cloud apps.
  • Azure Security Centre: Enables Security posture management and threat protection for hybrid cloud workloads to ensure secure configuration of all your resources. Integrated and surfaced within MCAS.
Threat Protection

Information Protection

Protect your data when it travels outside of your organization. To maximize the impact of information, it needs to be ubiquitous to help people and businesses succeed. With data being on the move, the risk for exposure increases, as sensitive data is overshared inside or even outside of the organization. Microsoft Cloud App Security enables you to identify your sensitive data across cloud apps, monitor when it is shared with risky environments and take necessary governance actions by classifying, labelling and protecting existing and new data in your environment.

  • Understand, classify and protect sensitive information when it travels in- and outside of your organization with automated processes and real-time controls
  • Identify information at risk of exposure and remediate immediately with admin controls including quarantine, revoking privileges or notifying the owner
  • Classify, label and protect sensitive information when it is stored in or newly uploaded to cloud apps
  • Control and monitor user sessions in real-time to prevent data exfiltration in low-trust scenarios, such as sessions from external users

Native integrations powering a unique information protection approach!

  • Microsoft Information Protection (AIP): Comprehensive protection of sensitive data throughout its life-cycle across devices, apps, cloud services and on-premises. Integrated with Cloud App Security to extend the capabilities to all your cloud apps
  • Conditional Access: Automated access control for accessing cloud apps, based on conditions you define. MCAS extends these controls into the user’s session to allow for real-time monitoring and granular control of any app with MCAS
  • Intune: Managing mobile productivity securely and in a unified way. Leveraged to differentiate managed from non-managed devices and apply necessary session controls
Information Protection

Compliance Assessment

Most organizations must comply with a set of regulations, governed by the industry and country they operate in. These dictate how organizations must manage, view, and control their data. Microsoft Cloud App Security sources from a catalog of more than 16,000 cloud apps to discover the apps used in your environment and leverages >70 different parameters to assign a risk score to each one. These risk factors span general information, security, compliance and legal, and enable you to assess whether any given app meets the compliance requirements for your organization. Powerful, built-in queries allow you to filter for specific requirements such as GDPR or FedRAMP, to tailor the discovery experience to your specific needs.

  • Assess the compliance of your organization’s apps against regulatory requirements such as PII, PCI, GDPR, industry and legal standards and common security controls
  • Assess if your cloud apps meet your industry’s compliance requirements
  • Protect sensitive data when it is uploaded to the cloud or shared in and outside of your organization

Get started on your compliance journey

Step 1:

  • Discover your cloud apps: Get started with discovery to understand which cloud apps are being used in your organization

Step 2:

  • Assess their compliance: Leverage more than 70 risk factors to understand whether the discovered cloud apps meet your organization’s requirements

Step 3:

  • Control sensitive data: Create labels and file policies to identify and automatically protect sensitive information across your ecosystem of cloud apps

Discover and control the use of Shadow IT

Identify cloud apps and services used by your organization. Assess their risk levels and business readiness of >16,000 apps against >70 risk and start managing them to ensure security and compliance.

Protect your sensitive information

Understand, classify and protect the exposure of sensitive information at rest, or leverage out-of-the box policies and automated processes to apply controls in real-time - across all your cloud apps.

InProtect against cyberthreats and anomalies

Detect unusual behavior across cloud apps to identify ransomware, compromised users or rogue applications, analyze high-risk usage and remediate automatically to limit the risk to your organization.