Microsoft Goes Live with Cloud App Security Service

Microsoft is now selling its Cloud App Security service.

This service, generally available as of Wednesday, is specifically focused on tracking the use of software-as-as-service (SaaS) applications in organizations. The idea is that organizations don't know what services are being accessed by end users.

Use of those services could add to an organization's security risks, so Microsoft's Cloud App Security service provides a SaaS-app discovery service, as well as a ranking system, to address the potential security hazards.

The service uses an organization's traffic logs to find out what SaaS apps are being used. It taps proxies and firewalls for the discovery process. It pulls information using the APIs of the SaaS apps. Microsoft then ranks the risks of using these SaaS apps via a scoring system based on "regulatory certifications, industry standards and best practices," per Microsoft's TechNet description of the Cloud App Security service.

Microsoft claims there's data privacy during the inspection process. "Data is downloaded for purposes of inspection, but data privacy is enforced," the TechNet articles states.

Organizations can act on the information obtained by the service, but the actions tend to vary per SaaS app. For instance, the ability to quarantine files is possible with Office 365 and Box, but not with the Service Now, and AWS services, per a table in this TechNet article.

The service is based on Microsoft's purchase of Adallom, a company that made security solutions for tracking services and data sharing using cloud infrastructure. Microsoft bought Adallom for about $250 million in September.

"Cloud App Security is the Adallom technology," a Microsoft spokesperson clarified via e-mail. "It was renamed Cloud App Security after the acquisition."

Microsoft and its partners currently sell the Cloud App Security service on a subscription basis. It's priced at $5 per user per month and available in U.S. and Canadian markets. An organization needs to meet Azure Rights Management Service (RMS) requirements to use it. Only Azure Active Directory or Office 365 global administrators can set it up, per the spokesperson:

Organizations need a Microsoft Azure subscription that supports Microsoft Cloud App Security. For more information see Cloud subscriptions that support Azure RMS. Then, to set up Cloud App Security, you must be a Global Administrator in Azure Active Directory or Office 365. You can find more info here.

The Cloud App Security service isn't the same thing as Microsoft's Azure Active Directory Cloud App Discovery service, although both services use the Azure cloud infrastructure.

"They're different," the spokesperson indicated. "Cloud App Security provides visibility into employee login events and data usage, as well as governance policies and proactive protection. Cloud App Security does this for popular SaaS applications as well as for custom applications and IaaS environments."

In contrast, the Azure Active Directory Cloud App Discovery service is "a feature of Azure Active Directory (AD) Premium," according to the spokesperson. It requires the use of agents that run in an organization's computing environment.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • Microsoft Ups Its Windows 10 App Compatibility Assurances

    Microsoft gave assurances this week that organizations adopting Windows 10 likely won't face application compatibility issues.

  • SharePoint Online Users To Get 'Modern' UI Push in April

    Microsoft plans to alter some of the tenant-level blocking capabilities that may have been set up by organizations and deliver its so-called "modern" user interface (UI) to Lists and Libraries for SharePoint Online users, starting in April.

  • How To Use PowerShell Splatting

    Despite its weird name, splatting can be a really handy technique if you create a lot of PowerShell scripts.

  • New Microsoft Customer Agreement for Buying Azure Services To Start in March

    Microsoft will have a new approach for organizations buying Azure services called the "Microsoft Customer Agreement," which will be available for some customers starting as early as this March.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.