The cloud is a great option for businesses as it increases agility on a company-wide level.

But moves toward cloud-based structures should be handled with care, particularly with regard to ongoing security.

Of course, you need to make your apps and services fully accessible to those who need to use them, but this must not come at the expense of data security.

What Is Microsoft Cloud App Security (MCAS)?

Microsoft Cloud App Security, or MCAS, is a tool that you can use to achieve effective security monitoring and robust data security for your business’s cloud-deployed applications. MCAS serves as a Cloud Access Security Broker, or CASB. We’ll explore what this means in more detail below.

You will be able to use the tool to do the following:

  • Keep track of user behaviour across your apps, flagging anomalous behaviour in real-time.
  • Assess data access tiers and manage which access tiers can access which data.
  • Reinforce security for your most sensitive data, imposing strict criteria for access.
  • Achieve regulatory compliance in the long term.
  • Implement secure API integration with leading cloud services, including Amazon Web Services among others, as well as native integration with Microsoft products.
  • Deploy powerful analytics to achieve crucial insights into your cloud-based apps.
  • Outline strict controls over how data is transferred and shared.
  • Utilize automation to make security and compliance easier to achieve.
  • Identify cyberthreats and work proactively to pre-empt them.
  • Manage everything from a centralized location.

What Is a CASB?

As mentioned above, the term CASB stands for a Cloud App Security Broker. Microsoft’s Cloud App Security offering fits into this category, providing the capabilities that businesses need as they undergo digital transformation and beyond, but what exactly is a CASB?

A CASB is designed to strike the balance we discussed at the beginning of this article — the balance between organizational flexibility and agility, and robust digital security.

Basically, when users access your cloud-based apps, they do so via a CASB intermediary. This CASB works in real-time to assess access credentials and to “broker” the access process. If the credentials are invalid, no access is granted. If the credentials provide access only to a limited tier of data, access is restricted accordingly. Authorized access is granted without delay, supporting high levels of app performance even for remote users.

As well as forming an important line of defence for your IT and apps, the CASB acts as a monitoring tool, scanning app usage and keeping track of user behaviour. This ensures that you have a formidable vantage point from which to keep on top of resource access. Automatic and manual monitoring capabilities are deployed together to ensure full regulatory compliance.

CASB solutions can be utilized in conjunction with your existing business systems, integrating with CRM, ERP and other platforms to provide comprehensive visibility and capability. API-based interactions can further extend the usability of these solutions without compromising security or performance.

How to Gain Access to Microsoft Cloud App Security

You may be able to gain access to Microsoft Cloud App Security as part of your existing subscriptions to other Microsoft products. For example, the following Microsoft plans include the MCAS solution:

  • Microsoft 365 E5
  • Microsoft 365 E5 Security
  • Microsoft 365 E5 Compliance
  • Enterprise Mobility + Security E5

You do not have to be a Microsoft 365 subscriber — or have a subscription to another Microsoft plan — to leverage the benefits of MCAS. Standalone licensing is offered by Microsoft, delivered on a per-user basis.

These standalone licenses enable users to access all the features of MCAS and to extend protection to an unlimited number of applications.

Different MCAS Tiers

There are three different tiers for you to choose from when you decide to use Microsoft Cloud App Security. You may decide to deploy all three, or only one or two depending on your budget. Read on to learn more about these.

Office 365 Cloud App Security

Gain control over applications within the Microsoft 365 suite of products. Office 365 Cloud Security enables you to achieve the following with your Office 365 apps:

  • Identify risky or suspect behaviour on 365 apps.
  • Scan for applications masquerading as 365 apps.
  • Achieve complete control over access permissions across the entire 365 suite.
  • Eliminate threats with automatic and manual tools.
  • Benefit from Microsoft Intelligent Security Graph integration.
  • Draft and deploy security and behavioural policies across all apps.

Azure Active Directory Cloud App

With the Azure Active Directory version of MCAS, you will be able to extend security protocols and capabilities to all applications in the Azure Active Directory. This directory includes over 16,000 applications, all of which are protected by this level of MCAS.

You will be able to:

  • Carry out manual and automated logging side by side.
  • Implement risk assessments for cloud-based apps in the directory.
  • Utilize powerful analytics to assess user identity and behaviour.
  • Gain access to detailed reports.

Cloud App Discovery

When you choose Cloud App Discovery, the solution will assess your threat level according to 80 pre-determined risk factors. Ongoing traffic and behavioural analysis allow you to maintain robust security even as threat levels evolve.

Capabilities include:

  • Ongoing real-time analysis of logs.
  • Automatic log uploads with API integration.
  • Real-time reporting for maximum visibility.
  • Evolving threat identification, flagging up suspicious behaviours and activities.
  • Customized security policies based on specific needs.

Microsoft Cloud App Security Benefits

Security capabilities that evolve to match the growing needs of businesses. Ongoing accessibility and app performance. These are the two main benefits of implementing MCAS at your business.

But let’s take a look at this in more detail and examine the specific advantages of deploying Microsoft’s Cloud App Security solution.

  • Identify threats before they occur, pre-empting downtime or data loss for your business.
  • Ensure that your business remains fully compliant with a solution that helps you to stay ahead of the curve.
  • Implement effective identity-management protocols so that everyone who needs to access your applications can do so, while unauthorized entities are barred.
  • Leverage full integration with all Microsoft’s tools and deploy secure APIs to achieve peace of mind from third-party integrations.
  • Reduce the cost associated with utilizing a CASB — the MCAS solution may already be included in your existing Microsoft subscription.

Do you want to learn more about the potential Microsoft Cloud App Security represents for your business? Would you like to discover how this solution will fit into your existing security strategy? Let’s discuss. Reach out to our team today and let’s get started.

Written By:


Softlanding is a long-established IT services provider of transformation, professional services and managed IT services that helps organizations boost innovation and drive business value. We are a multi-award-winning Microsoft Gold Partner with 13 Gold Competencies and we use our experience and expertise to be a trusted advisor to our clients. Headquartered in Vancouver, BC, we have staff and offices in Toronto, Montreal and Calgary to serve clients across Canada.

More By This Author