07-01-2020 02:54 PM
07-01-2020 02:54 PM
I am very confused about the positioning of Microsoft Cloud App Security (MCAS) against the features of the Microsoft security solutions. Let me explain. The possibility of Cloud Discovery and the integration with Microsoft Defender ATP to extend the discovery of Cloud apps outside network, is clear. But I am confused about some other use cases:
You can integrate Azure Information protection so you can set labels to documents placed in you cloud apps. What is the benefit to use this with MCAS? And why does you need MCAS to protect documents that are saved in other cloud apps. When you have AIP P2, you have automatic labelling and classifying allready in place. Why do you need MCAS for this?
There is a built-in Threat Protection that gives alerts of suspicious behaviour. Also conditional access can be applied. This is exactly what Azure ATP with Azure Identity Protection does, right? (Azure AD Premium P2). Why do you need MCAS for this?
So it seems that MCAS is all about integration. Are there prerequisites. So If you want to log suspicious behaviour, do you also need AD Premium P2/Azure ATP?
07-02-2020 09:05 AM - edited 07-02-2020 09:14 AM
For AIP, or Unified Labeling if you've migrated over, one of the biggest benefits is to be able to see all your sensitive files in the cloud in one single place. By doing so, you're able to apply labels and protect files in apps that are both under Microsoft (OneDrive for Business, SharePoint Online) as well as through the connected apps, such as Box; a single file policy can cover multiple apps.
In addition, MCAS can apply these configurations on already existing files within these apps. Using AIP P2 definitely gives you the ability to automatically classify and protect within your environment but the functionality in MCAS builds upon existing labels and protections and applies it to additional apps, when configured correctly.
For the Conditional Access App Control, it builds upon what is identified in AAD, mainly with session controls by adding granularity especially with the files.
Block download, cut, copy, and print of sensitive documents.
Monitor risky session behavior.
Require labeling of sensitive files.
Say you have a user downloading a sensitive file from Box but they're using non-compliant device and therefore, has a risky session, you can use MCAS to protect that file when they download or, block downloading overall.
Over all, with information protection, MCAS allows you to classify and protect outside of your current environment from one unified location.
Some helpful documents on prerequisites:
I hope this helps!