Get started with Microsoft Cloud App Security

Microsoft Cloud App Security is a Cloud Access Security Broker (CASB) that supports various deployment modes including log collection, API connectors, and reverse proxy. It provides a rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your Microsoft and third-party cloud services as it was mentioned by us in a previous blog post here where I shared the fundamentals and key components of it. Today, I’ll walk you through some steps to get started with Cloud App Security.

Microsoft Cloud App Security natively integrates with leading Microsoft solutions and is designed with security professionals in mind. It provides simple deployment, centralized management, and innovative automation capabilities.

Cloud App Security integrates visibility with your cloud by:

  • Using Cloud Discovery to map and identify your cloud environment and the cloud apps your organization is using.
  • Sanctioning and unsanctioning apps in your cloud.
  • Using easy-to-deploy app connectors that take advantage of provider APIs, for visibility and governance of apps that you connect to.
  • Using Conditional Access App Control protection to get real-time visibility and control over access and activities within your cloud apps.
  • Helping you have continuous control by setting, and then continually fine-tuning, policies

CLOUD APP SECURITY ARCHITECTURE

I you want to see more details  about the Cloud App Security Architecture, click here.

Get Started with Microsoft Cloud App Security 

This quickstarter provides you with steps for getting up and running with Cloud App Security. Microsoft Cloud App Security can help you take advantage of the benefits of cloud applications while maintaining control of your corporate resources. It works by improving visibility of cloud activity and helping to increase the protection of corporate data. In this article, we walk you through the steps you take to set up and work with Microsoft Cloud App Security.

1. Learn about the prerequisites:

  • Your organization must have a license to use Cloud App Security. For pricing details, visit the Cloud App Security licensing datasheet here.
  • After you have a license for Cloud App Security, you’ll receive an email with activation information and a link to the Cloud App Security portal.
  • To set up Cloud App Security, you must be a Global Administrator or a Security Administrator in Azure Active Directory or Office 365. It’s important to understand that a user who is assigned an admin role will have the same permissions across all of the cloud apps that your organization has subscribed to. This is regardless of whether you assign the role in the Microsoft 365 admin center.
  • To run the Cloud App Security portal, use Internet Explorer 11, Microsoft Edge (latest), Google Chrome (latest), Mozilla Firefox (latest), or Apple Safari (latest).

2. Access the portal

To access the Cloud App Security portal, go to https://portal.cloudappsecurity.com.

3. Define connected Apps

App connectors use the APIs of app providers to enable greater visibility and control by Microsoft Cloud App Security over the apps you connect to.

Microsoft Cloud App Security leverages the APIs provided by the cloud provider. Each service has its own framework and API limitations such as throttling, API limits, dynamic time-shifting API windows, and others. Microsoft Cloud App Security worked with the services to optimize the usage of the APIs and to provide the best performance. Taking into account different limitations services impose on the APIs, the Cloud App Security engines use the allowed capacity. Some operations, such as scanning all files in the tenant, require numerous APIs so they’re spread over a longer period. Expect some policies to run for several hours or several days.

Below you can find an example of how connected apps to cloud app security look like:

Cloud App security connected

To see the list, per cloud app, as well as which abilities are supported with App connectors, click here.