First published on CloudBlogs on Feb 26, 2018
This post is authored by Arbel Zinger, Program Managers, Microsoft Cloud App Security.
Several organizations use multi instances of the same cloud applications for different business reasons. As a security professional, you need to have visibility into each of these instances and have the option to control each one. We’re happy to announce that Microsoft Cloud App Security can now support and control multiple instances of the cloud apps.
Create multi-instance support policies
Let’s start with a common scenario: the marketing team and the sales team in an organization use the same CRM cloud application, but with two different instances. Why?
Marketing data might be shared with many people including public relations teams, partners or customers, while sales data (the pipeline, the number leads, etc.) is mostly classified and should be kept internal.
Also, there may be different CRM instances for different geographies, where one region may have stricter information protection rules.
With Microsoft Cloud App Security you can create a policy enforcing that any file from the European CRM instance cannot be shared publicly and you can govern this data automatically through this policy. Or you can set a policy to automatically label each file that is copied from the US CRM instance to the Europe CRM instance as “sensitive,” using
Azure Information Protection labels
Figure 1. Creating a policy
Another common use case scenario is when a development team is working on a test environment vs. a production environment. With multi-instance support policies in Microsoft Cloud App Security, you can provide even more granular and stricter controls for your production environment.
Connecting multiple user accounts to one identity
Considering that users may connect to different instances of the same app, using different user names, Microsoft Cloud App Security knows to connect between an account to the specific user, a person, to help you with investigating alerts in a user-focused way.
Figure 2. Example of multiple accounts for a single user
If you have Microsoft Cloud App Security or Office 365 Cloud App Security deployed, you will see these features already enabled in your tenant. If not, you can try how this service helps you with providing visibility, data control and threat protection to your cloud apps.