How to position MCAS against the features of AIP, O365 ATP, Azure ATP & AD Premium P2

Hi supercrisz!

For AIP, or Unified Labeling if you've migrated over, one of the biggest benefits is to be able to see all your sensitive files in the cloud in one single place. By doing so, you're able to apply labels and protect files in apps that are both under Microsoft (OneDrive for Business, SharePoint Online) as well as through the connected apps, such as Box; a single file policy can cover multiple apps.

In addition, MCAS can apply these configurations on already existing files within these apps. Using AIP P2 definitely gives you the ability to automatically classify and protect within your environment but the functionality in MCAS builds upon existing labels and protections and applies it to additional apps, when configured correctly.  

For the Conditional Access App Control, it builds upon what is identified in AAD, mainly with session controls by adding granularity especially with the files. 

Benefits:

Block download, cut, copy, and print of sensitive documents.
Monitor risky session behavior.
Require labeling of sensitive files.

Say you have a user downloading a sensitive file from Box but they're using non-compliant device and therefore, has a risky session, you can use MCAS to protect that file when they download or, block downloading overall. 

Over all, with information protection, MCAS allows you to classify and protect outside of your current environment from one unified location.

Some helpful documents on prerequisites:

https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2NXYO

https://docs.microsoft.com/en-us/cloud-app-security/editions-cloud-app-security-aad

I hope this helps!