Managing hybrid IT environments is a reality for most organizations today. Forbes is predicting that by 2020 on-premises workloads will still account for 27% of all enterprise workloads. Consequently, and despite the rapid move to the cloud, we can expect that critical workloads will continue to be managed in hybrid environments for years to come. Across these hybrid deployments, you are tasked with providing a simple and integrated experience for your users, while securing the confidential data that’s stored in your organization’s apps and resources.
Microsoft Cloud App Security now natively integrates with Azure AD Application Proxy to enable organizations to enforce real-time controls for any on-premises app and ensure a consistent security experience across hybrid cloud workloads - delivering on a capability that is unique in the market of Cloud Access Security Brokers (CASBs).
Azure AD Application Proxy provides single sign-on and secure remote access for web apps that are hosted on-premises. These on-prem web apps can be integrated with Azure AD to give end users the ability to access them in the same way they access Office 365 and other SaaS apps. Conditional Access App Control provides real-time controls for your organization’s apps, to allow for powerful use-cases such as controlling downloads, monitoring low-trust sessions, creating read-only modes, and more.
By integrating these two capabilities, we’re ensuring that your apps and services are protected in a consistent manner, regardless of where they are hosted. For example, if you use an app on-prem that enables file-sharing and -collaboration, you can publish this app via the Azure AD App Proxy to enable your users to access their files from anywhere, at any time. Configuring the app with Conditional Access App Control allows you to limit what a user can do, e.g downloading files, when a user session is considered risky, such as when the app is accessed from an unmanaged device.
As you migrate to the cloud and adopt cloud-based file-collaboration tools such as OneDrive or Dropbox, you can continue to utilize the same download policy to ensure the end-user experience, as well as the security you’ve come to expect, remain unchanged. This is just one scenario of many, across any application, that allows you to achieve this continuity, convenience, and powerful security.