Microsoft Cloud App Security

Get enterprise-grade security for your cloud apps


Bring the security of your on-premises systems to your cloud applications. Provide deeper visibility, granular data controls, and enhanced threat protection.

What does Cloud App Security provide?

Discover and assess risks


Identify cloud apps on your network, gain visibility into shadow IT, and get risk assessments and ongoing analytics.

Control access in real time


Manage and limit cloud app access based on conditions and session context, including user identity, device, and location.

Protect your information


Get granular control over data and use built-in or custom policies for data sharing and data loss prevention.

Detect & Protect against threats


Identify high-risk usage and detect unusual user activities with Microsoft behavioral analytics and anomaly detection capabilities.

How Cloud App Security is different

Discover SaaS apps and assess risk


Identify more than 15,000 apps and assess risk based on 60 different parameters, including regulatory compliance. Discovery tools collect information from firewalls and proxies to know which cloud apps are in use and assign each app a risk score, all without using agents.

Control and limit access in real time


Maintain monitoring and control over your cloud apps, even after you approve their use. Set granular access- and activity-level policies, such as allowing a user access from an unmanaged device while blocking the download of sensitive data.

Detect and mitigate ransomware attacks


Identify potential ransomware activity using a built-in template and apply file policies to search for unique file extensions. After detecting potential attacks, use the template to suspend suspect users and prevent further encryption of the user’s files.

Gain unified information protection


Set policies and enforce them right away on your cloud apps—whether from Microsoft or third parties, such as Box, Dropbox, and Salesforce. Provide customizable, granular control policies and powerful remediation actions, including quarantine and sharing restrictions. Scan and classify files in the cloud and apply Azure Information Protection labels.

Integrate with your existing SIEM and DLP solutions


Preserve your usual workflow and set a consistent policy across on-premises and cloud activities while automating security procedures to better protect your cloud applications through integration with your security information and event management (SIEM) and DLP solutions.

Deployment and management flexibility


Help protect your data whether it’s stored in the cloud or in on-premises infrastructures. You have the flexibility to choose how your encryption keys are managed, including Bring Your Own Key (BYOK) options.