Microsoft Readies New Feature in Cloud App Security Product

A preview of the updated Cloud App Security solution from Microsoft is expected this month, featuring a new capability that adds conditional access protections to Software-as-a-Service (SaaS) applications.

Cloud App Security, which reached general availability last year, is Microsoft's implementation of technology it acquired from Adallom about two years ago. Microsoft describes Cloud App Security as a way to discover the use of SaaS apps in organizations. The service provides an assessment of the security risks of using various SaaS apps via a ranking system. It's billed as a means of thwarting so-called "shadow IT" scenarios, where end users evade policies and security protections set up by IT departments.

Sometime in October, Microsoft plans to issue a public preview of a new Cloud App Security feature that will permit organizations to set conditional access policies for SaaS apps.

"As showcased at Ignite keynote sessions, we're extending these conditional access capabilities to monitor user sessions and control content access and downloads directly inside SaaS apps through a unique integration between Microsoft Cloud App Security and Azure AD conditional access," Microsoft explained last week regarding the feature coming in preview for the Cloud App Security service.

Under the "conditional access" concept, policies set by IT pros determine when access to networks or resources is granted or blocked. For instance, there can be conditional access policies set for devices such that they are required to have the latest updates installed in order for network access to be granted. The new preview coming in October, though, will offer a way to set conditional access policies specifically for cloud-based SaaS applications. It carries out these conditional access policies using a new "proxy" in the Cloud App Security service.

According to Microsoft's example, with the coming conditional access preview, "you can allow access to browser-based cloud apps from unmanaged devices or an unfamiliar location while blocking the download of sensitive documents from within the application."

Azure Information Protection Feature

The Cloud App Security service also can block access to documents and e-mails through integration with Azure Information Protection. It's able to take action based on the security classification "labels" that get applied to documents and e-mails using the Azure Information Protection service. A new capability, described in Microsoft's announcement, is that this sort of action can happen automatically for SaaS apps.

"Cloud App Security will scan and classify sensitive files in the cloud apps and automatically apply AIP labels for protection," Microsoft's announcement explained.

This new protection will permit Excel, PowerPoint or Word files to "open in Office apps on all platforms without requiring a plug-in or any additional settings," the announcement added. This capability will be available sometime in Oct. 2017, according to the announcement.

Improved Discovery

The discovery capabilities of the Cloud App Discovery service also have been enhanced. The service can now find "more than 15,000 cloud apps," Microsoft's announcement claimed. It will issue an alert when a new app is being used.

The discovery feature of the service also shows more in-depth information, such as "inbound and outbound traffic," plus the "top users for discovered apps." The improved discovery process works without agents and is currently available to "all Azure AD Premium P1 and EMS E3 customers."

The three enhancements coming to the Cloud App Security service are summarized in this slide from a Microsoft Ignite session:

Coming Cloud App Security enhancements. (Source: Ignite 2017 session.)

The Ignite session, "Microsoft Cloud App Security Deep Dive," is currently available on demand.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
