|
| 1 | +--- |
| 2 | +title: App visibility and control with Microsoft Cloud App Security |
| 3 | +description: Learn ways to identify app risk levels, stop breaches and leaks in real time, and use app connectors to take advantage of provider APIs for visibility and governance. |
| 4 | +services: active-directory |
| 5 | +author: msmimart |
| 6 | +manager: CelesteDG |
| 7 | +ms.service: active-directory |
| 8 | +ms.subservice: app-mgmt |
| 9 | +ms.topic: overview |
| 10 | +ms.workload: identity |
| 11 | +ms.date: 02/03/2020 |
| 12 | +ms.author: mimart |
| 13 | +ms.collection: M365-identity-device-management |
| 14 | +--- |
| 15 | + |
| 16 | +# Cloud app visibility and control |
| 17 | + |
| 18 | +To get the full benefit of cloud apps and services, an IT team must find the right balance of supporting access while maintaining control to protect critical data. Microsoft Cloud App Security provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyber threats across all your Microsoft and third-party cloud services. |
| 19 | + |
| 20 | +## Discover and manage shadow IT in your network |
| 21 | + |
| 22 | +When IT admins are asked how many cloud apps they think their employees use, on average they say 30 or 40, when in reality, the average is over 1,000 separate apps being used by employees in your organization. Shadow IT helps you know and identify which apps are being used and what your risk level is. Eighty percent of employees use unsanctioned apps that no one has reviewed and may not be compliant with your security and compliance policies. And because your employees are able to access your resources and apps from outside your corporate network, it's no longer enough to have rules and policies on your firewalls. |
| 23 | + |
| 24 | +Use Microsoft Cloud App Discovery (an Azure Active Directory Premium P1 feature) to discover which apps are being used, explore the risk of these apps, configure policies to identify new risky apps, and unsanction these apps in order to block them natively using your proxy or firewall appliance. |
| 25 | + |
| 26 | +- Discover and identify Shadow IT |
| 27 | +- Evaluate and analyze |
| 28 | +- Manage your apps |
| 29 | +- Advanced Shadow IT discovery reporting |
| 30 | +- Control sanctioned apps |
| 31 | + |
| 32 | +### Learn more |
| 33 | + |
| 34 | +- [Discover and manage shadow IT in your network ](https://docs.microsoft.com/cloud-app-security/tutorial-shadow-it) |
| 35 | +- [Discovered apps with Cloud App Security ](https://docs.microsoft.com/cloud-app-security/discovered-apps) |
| 36 | + |
| 37 | +## User session visibility and control |
| 38 | + |
| 39 | +In today’s workplace, it’s often not enough to know what’s happening in your cloud environment after the fact. You want to stop breaches and leaks in real time before employees intentionally or inadvertently put your data and your organization at risk. Together with Azure Active Directory (Azure AD), Microsoft Cloud App Security delivers these capabilities in a holistic and integrated experience with Conditional Access App Control. |
| 40 | + |
| 41 | +Session control uses a reverse proxy architecture and is uniquely integrated with Azure AD Conditional Access. Azure AD Conditional Access allows you to enforce access controls on your organization’s apps based on certain conditions. The conditions define who (user or group of users) and what (which cloud apps) and where (which locations and networks) a Conditional Access policy is applied to. After you’ve determined the conditions, you can route users to Cloud App Security where you can protect data in real time. |
| 42 | + |
| 43 | +With this control you can: |
| 44 | +- Control file downloads |
| 45 | +- Monitor B2B scenarios |
| 46 | +- Control access to files |
| 47 | +- Protect documents on download |
| 48 | + |
| 49 | +### Learn more |
| 50 | + |
| 51 | +- [Protect apps with Session Control in Cloud App Security ](https://docs.microsoft.com/cloud-app-security/proxy-intro-aad) |
| 52 | + |
| 53 | +## Advanced app visibility and controls |
| 54 | + |
| 55 | +App connectors use the APIs of app providers to enable greater visibility and control by Microsoft Cloud App Security over the apps you connect to. |
| 56 | +Cloud App Security leverages the APIs provided by the cloud provider. Each service has its own framework and API limitations such as throttling, API limits, dynamic time-shifting API windows, and others. The Cloud App Security product team worked with these services to optimize the use of APIs and provide the best performance. Taking into account different limitations services impose on their APIs, the Cloud App Security engines use their maximum allowed capacity. Some operations, such as scanning all files in the tenant, require numerous API calls so they're spread over a longer period. Expect some policies to run for several hours or days. |
| 57 | + |
| 58 | +### Learn more |
| 59 | + |
| 60 | +- [Connect apps in Cloud App Security ](https://docs.microsoft.com/cloud-app-security/enable-instant-visibility-protection-and-governance-actions-for-your-apps) |
| 61 | + |
| 62 | +## Next steps |
| 63 | + |
| 64 | +- [Discover and manage shadow IT in your network ](https://docs.microsoft.com/cloud-app-security/tutorial-shadow-it) |
| 65 | +- [Discovered apps with Cloud App Security ](https://docs.microsoft.com/cloud-app-security/discovered-apps) |
| 66 | +- [Protect apps with Session Control in Cloud App Security ](https://docs.microsoft.com/cloud-app-security/proxy-intro-aad) |
| 67 | +- [Connect apps in Cloud App Security ](https://docs.microsoft.com/cloud-app-security/enable-instant-visibility-protection-and-governance-actions-for-your-apps) |
0 commit comments