Microsoft Cloud App Security is a cloud access security broker (CASB) that works well with many leading services, such as AWS, Dropbox, G Suite, Google Cloud, Salesforce, and so on.

As a CASB, Microsoft Cloud App Security acts as an added layer of security for all of the SaaS applications your company uses to do business.

Conventional security suites that weren’t built with cloud applications in mind, can leave blindspots in an IT administrator’s field of view. Microsoft Cloud App Security collects detailed information about all the SaaS apps in use across the entire organization, and aggregates it in a single console.

Microsoft Cloud App Security (MCAS) is a cloud security tool that, among many other things, can scan your cloud storage for protected data (such as PII, PCI, HIPAA, etc.). This post will detail enabling MCAS, delegating access, and connecting Office 365. Come back later in the week for a post on configuring a policy to scan OneDrive for files containing an SSN.

There are several ways to license MCAS. You can buy it standalone, bundle it with EMS E3 or A3, EMS E5/A5, M365 E5/A5 Security, or with full M365 E5/A5. There are also subsets of features available when purchasing Office 365 E5/A5 and Azure AD Premium P1 or P2.

The cloud app discovery tools in Microsoft Cloud App Security (MCAS) are usually seen as a way to get shadow IT under control because they handle SaaS, IaaS and PaaS resources. But simply blocking a service that someone is using to get their job done will only drive them to try a different one. A better approach is to use MCAS to assess which apps are in use, set policies for what’s acceptable, and educate staff on alternatives. In combination with other tools like Microsoft Endpoint Manager, IT departments can prioritise productivity as well as security, improving staff experience as well as protecting data.