What’s new with Microsoft Cloud App Security - MS Ignite edition 2018
Published Sep 26 2018 06:31 AM
Microsoft

As of today, enterprises use an average of 1,100 cloud apps in their organization, with 75% considering SaaS essential to their business. At the same time, the increasing dependence on cloud services has introduced a new threat vector. With the rising number of cloud-based cyberattacks such as WannaCry, Gartner recognizes Cloud Access Security Broker (CASB) as a key investment area for organizations by 2020.

 

Powered by a unique approach of delivering native integrations with industry-leading security and identity solutions such as Azure Active Directory and Azure Information Protection, Microsoft Cloud App Security (MCAS) allows organizations to gain visibility into their cloud apps and services, and leverages sophisticated analytics to identify and combat cyberthreats. It enables you to control how your data is consumed, no matter where it lives.

 

This week at Microsoft Ignite we are showcasing our latest advancements in creating a uniquely integrated CASB:

  • Real-time session controls and monitoring for Office 365 and on-premises apps
  • Cloud App Discovery beyond your corporate network with Windows Defender ATP
  • Automatic detection and revocation of risky OAuth App permissions
  • Automating enterprise workflows with Microsoft Flow
  • Discovery and app lifecycle management with Secure Web Gateway provider iboss

Let’s take a look at each one of these in more detail.

 

Announcements

Real-time session controls and monitoring for Office 365 and on-premises apps

In June we announced the general availability of Conditional Access App Control for SAML-based apps, which allows you to control how your organization’s information can be accessed in real-time, based on the risk level of a user’s session.

Today we are announcing further advancements of this feature:

  • Public preview support for Microsoft cloud services, including Office 365
  • Support for on-premises apps
  • A streamlined configuration experience within Azure AD

Our unique solution is defined by the native integration with Azure AD Conditional Access and Azure datacenters around the world, for an optimized user and admin experience.

 

Feature highlights

  • Simple deployment and native integration with Conditional Access, including built-in policies that can be configured directly within Azure AD
  • Optimized end user experience with the ability to scope policies to specific conditions and only apply real-time controls to a subset of user sessions that are considered risky
  • Limited latency by leveraging Azure datacenters around the world to geolocate users to the nearest MCAS session server
  • Support for on-premises apps via an integration with Azure AD Application Proxy

Image 1: Blocked download notification in SharePoint Online when a session is considered risky and routed to the MCAS session server to enforce real-time monitoring and control

Starting today, you can onboard Microsoft cloud services, including some of our most popular Office 365 apps, to Conditional Access App Control, and later this year we will be adding even more Microsoft apps, including Azure portal and Dynamics 365. Microsoft Cloud App Security will then allow for some of the most granular real-time controls and complete admin oversight to monitor user sessions across first- and third-party cloud apps in a single place.

 

Discovery beyond your corporate network with Windows Defender ATP

Discovery in Microsoft Cloud App Security identifies the cloud apps used by your organization and provides risk assessments, ongoing analytics and lifecycle management capabilities to control their use. MCAS already supports a long list of firewalls and proxies today, as well as custom formats.

Today we are excited to announce a new, native integration with Windows Defender ATP, which extends the Discovery capabilities beyond your corporate network. Microsoft Cloud App Security can now leverage the traffic information collected by Windows Defender ATP about the cloud apps and services being accessed from IT-managed Windows 10 machines.

The integration provides admins a more complete view of cloud usage in their organization and the seamless integration allows easy pivoting between the consoles for investigative actions.

 

Integration Highlights

  • Discovery beyond the corporate network – of cloud apps accessed from managed Windows 10 machines, regardless of the network.
  • Ease of deployment - Enable the new integration with a simple checkbox in the Windows Defender Security Center.
  • Machine-based Discovery - Get a granular insight into the apps accessed from specific machines.
  • Deep dive investigation in Windows Defender ATP - Continue your investigation in the Windows Defender Security Center for more granularity and visibility into all the different behaviors on a suspicious machine.

 

Image 2: Machine-based Discovery view in Microsoft Cloud App Security

 

Automatic detection and revocation of risky OAuth App permissions

OAuth is a standardized protocol leveraged as a secure way to link cloud apps and services and delegate access to a user’s account without sharing or exposing credentials. This authorization method is universally adopted by many cloud apps and services – including consumer and enterprise cloud services such as Office 365, Google Apps and Salesforce.

As more businesses adopt cloud apps and services, users authorize apps using their corporate credentials, giving these apps programmatic access to their corporate data and introducing potential back doors into corporate environments.

Microsoft Cloud App Security provides an overview of which OAuth apps your users have authorized access for across Office 365, Google, and Salesforce.

Starting today, admins can create app permission policies that automatically revoke an app’s permission when it is considered risky, safeguarding their organization from malicious apps and preventing them from exploiting permissions. For more details, refer to our technical documentation.

 

Image 3: Create App Permission policies to govern risky OAuth apps across O365, G-Suite and Salesforce

   

Automating enterprise workflows with Microsoft Flow

Microsoft Cloud App Security now integrates with Microsoft Flow to provide centralized alert automation and orchestration of custom workflows using the ecosystem of connectors in Microsoft Flow.

The integration with Microsoft Flow enables organizations to create automated, custom workflows – for example routing Cloud App Security alerts to ticketing systems like ServiceNow or gathering manager approval to execute additional security controls such as disabling the account based on user attributes.

Image 4 shows an example of this functionality for an impossible travel alert policy in MCAS. It is configured to leverage MS Flow and the ServiceNow connector. This provides the ability to automatically create tickets based on the MCAS alert and align with existing processes in your organization. 

Image 4: Policy creation in MCAS console with alerts managed via the MS Flow integration

 

Discovery and app lifecycle management with Secure Web Gateway

Microsoft Cloud App Security is partnering with Secure Web Gateway (SWG) providers such as Zscaler to deliver an inline Cloud App Discovery experience for customers who have existing SWG investments. We are happy to announce our most recent integration with iboss, an Internet security gateway built 100% for the cloud, that allows users to safely access their applications from any device, anywhere.

The new integration between iboss and MCAS delivers inline Cloud App Discovery and allows organizations to seamlessly enforce the blocking of apps on the corporate network, removing the need to deploy a log collector and implement separate block scripts against your firewall or proxy. Leveraging Microsoft Cloud App Security and iboss for Discovery provides visibility into how users are accessing cloud applications, regardless of their device or physical location, and enables organizations to detect and easily manage access to unsanctioned cloud apps, to prevent data loss or the violation of regulatory compliance.

 

Future investments

Microsoft Cloud App Security is a CASB differentiated by the truly unique and native integrations with industry leading security and identity solutions from the Microsoft product stack. We will continue to build on these integrations to provide even more advanced DLP capabilities and provide additional cloud app management scenarios with Windows Defender ATP.

 

Any App Support for real-time controls

While several Microsoft and third-party cloud apps can be enabled for real-time monitoring and control today, later this year we will be enabling additional apps such as Microsoft Teams and the Azure portal. Longer term we will be providing self-service onboarding for cloud apps, enabling MCAS to support any app and add even more granular app controls, while extending these beyond browser-based apps.

 

Cloud Security Posture Management

Our CASB offering is moving beyond cloud apps and now also enables customers to protect and analyze their PaaS and IaaS investments. Earlier this year we introduced a new integration with Azure Security Center, which allows you to assess and manage your cloud security posture of Azure. Gartner considers Cloud Security Posture Management as one of the top 10 security projects for 2018 and Microsoft Cloud App Security will be delivering the same capabilities for other PaaS and IaaS providers in the future. Furthermore, we will extend posture management to individual cloud apps to take Compliance assessment to the next level.

 

Threat Protection

Microsoft Cloud App Security is a core part of Microsoft Threat Protection, as announced in Rob Lefferts’ blog post on Monday. MCAS is heavily investing in threat detection capabilities to provide an optimized security investigation experience and allow customers to detect and remediate advanced threats quickly and limit the impact to your organization. Going forward our focus is to streamline the SecOps experience and provide even more built-in detections, based on the insights from Microsoft’s security research teams and the Intelligent Security Graph.

 

More info and feedback

Watch our Microsoft Ignite Overview session on demand.

Learn how to get started with Microsoft Cloud App Security with our detailed technical documentation. Don’t have Microsoft Cloud App Security? Start a free trial today!

As always, we want to hear from you! If you have any suggestions, questions, or comments, please visit us on our Tech Community page.

Last update: Nov 02 2021 04:32 PM