Office 365 Cloud Security
Office 365 cloud security is a rich solution that protects one of the most widely-used cloud-based business tools. Designed to support organizations of all sizes, Office 365 cloud security offers a powerful toolset to protect against unauthorized access to systems and data.
Let’s jump in and learn:
- What are the Differences Between Microsoft Defender for Cloud Apps and Office 365 Cloud App Security?
- A comparison of Microsoft Defender for Cloud Apps and Office 365 Cloud App Security from Microsoft
- What Is Microsoft Cloud App Security?
- O365 Cloud App Security
- Microsoft Cloud App Security Concerns
- Powerful Enough for the Most Security Conscious Organizations in the World
What are the Differences Between Microsoft Defender for Cloud Apps and Office 365 Cloud App Security?
Microsoft Defender for Cloud Apps
Microsoft Defender for Cloud Apps is a Cloud Access Security Broker (CASB) that operates on multiple clouds. It provides data controls and threat protection for cloud apps. It also gives visibility into cloud apps that are in use.
Office 365 Cloud App Security
Office 365 Cloud App Security is a subset of Microsoft Defender for Cloud Apps. It brings enhanced visibility and control for apps in the Office 365 suite. It provides Office 365 cloud security, including threat detection based on user activity logs, the discovery of unauthorized apps, controls for app permissions to Office 365, and the configuration of access and session controls. Office 365 Cloud App Security has access to all of the features of Microsoft Defender for Cloud Apps, but supports only the Office 365 app connector.
A Comparison of Microsoft Defender for Cloud Apps and Office 365 Cloud App Security from Microsoft
| Capability | Feature | Microsoft Defender for Cloud Apps | Office 365 Cloud App Security |
| Cloud Discovery | Discovered Apps | 25,000 + cloud apps | 750+ cloud apps with similar functionality to Office 365 |
| Deployment for discovery analysis | -Manual upload-Automated upload - Log collector and API-Native Defender for Endpoint integration | Manual log upload | |
| Log anonymization for user privacy | Yes | ||
| Access to the full Cloud App Catalog | Yes | ||
| Cloud app risk assessment | Yes | ||
| Cloud usage analytics per app, user, IP address | Yes |
| Capability | Feature | Microsoft Defender for Cloud Apps | Office 365 Cloud App Security |
| Ongoing analytics & reporting | Yes | ||
| Anomaly detection for discovered apps | Yes | ||
| Information Protection | Data Loss Prevention (DLP) support | Cross-SaaS DLP and data sharing control | Uses existing Office DLP (available in Office E3 and above) |
| App permissions and the ability to revoke access | Yes | Yes | |
| Policy setting and enforcement | Yes | ||
| Integration with Azure Information Protection | Yes | ||
| Integration with third-party DLP solutions | Yes | ||
| Threat Detection | Anomaly detection and behavioral analytics | For Cross-SaaS apps including Office 365 | For Office 365 apps |
| Manual and automatic alert remediation | Yes | Yes | |
| SIEM connector | Yes. Alerts and activity logs for cross-SaaS apps. | For Office 365 alerts only | |
| Integration to Microsoft Intelligent Security Graph | Yes | Yes | |
| Activity policies | Yes | Yes | |
| Conditional Access App Control | Real-time session monitoring and control | Any cloud and on-premises app | For Office 365 apps |
| Cloud Platform Security | Security configurations | For Azure, AWS, and GCP | For Azure |
What Is Microsoft Cloud App Security?
Renamed Microsoft Defender for Cloud Apps, Microsoft Cloud App Security is a Cloud Access Security Broker (CASB) that monitors all activity between cloud service users and cloud applications and enforces security policies. It supports various deployment modes, including log collection, API connectors, and reverse proxy to provide visibility and control over data travel along with analytics to identify and mitigate risk across all Microsoft and third-party cloud services.
Four ways that Microsoft Cloud App Security helps protect cloud assets are:
1. Mitigates risk from unsanctioned applications, also referred to as shadow IT, by discovering all applications running on a network.
2. Supports the detection and remediation of cybersecurity threats by combining multiple detection methods that flag suspicious activities, such as:
- Activity from a country with no connection to users in the organization or a suspicious IP addresses
- Excessive file download activities
- Impossible travel
- Malware
- Ransomware
- Suspicious inbox forwarding
- Unusual administrator activities
3. Enforces compliance with regulations, such as the European Union’s General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and the Payment Card Industry Data Security Standard (PCI DSS).
4. Makes it easy to discover, classify, and secure sensitive information that is shared and stored in the cloud.
O365 Cloud App Security
Providing visibility and control across the platform, Office 365 Cloud App Security includes best-of-breed functionality to:
- Apply access controls to different Office 365 apps
- Control permissions to Office 365
- Detect threats based on user activity logs
- Implement activity policies
- Integrate to Microsoft Intelligent Security Graph
- Look for shadow apps that are similar to Office 365 in functionality
- Set manual and automatic alert remediation
Office 365 Cloud App Security can also be used to cover three core stages of the NIST 800-61 Incident Response Lifecycle—Detection, Analysis, and Containment—for responding to unauthorized access activity.
Detect Unusual Activity
Office 365 Cloud App Security supports early detection of suspicious activity by providing:
- Ability to recognize where sensitive data lives
- Insight into all user activity
- Out-of-the-box policies and queries to recognize anomalous and suspicious activity
- Support for customized policies
- View into users’ access rights for specific files and folders
- Visibility to recognize third-party app usage
Analyze the Risk
Office 365 Cloud App Security provides functionality to improve the analysis of security events, including:
- Ability to check user access to recognize sensitive data at risk
- Advanced queries to filter results to specific indicators
- Export logs for further analysis, litigation, insurance, and reporting
- IP address information embedded in activity logs
- Point and click filtering
- Queries saved for continuous monitoring
- Rich useful data included in alerts
- SIEM integration for correlating logs
- Support for creating queries to search the activity log
Contain the Threat
Below are containment opportunities provided with Office 365 Cloud App Security include:
- Policy settings that automate a governing action if triggered
- Suspension of users to prevent access until an incident is resolved
- Requirement that users sign in again by revoking refresh tokens and session cookies
Microsoft Cloud App Security Concerns
As with any security, the efficacy of Microsoft Cloud App Security comes down to proper implementation, configuration, management, and maintenance. Largely concerns about Microsoft Cloud App Security are unfounded.
Powerful Enough for the Most Security Conscious Organizations in the World
Skepticism about the security of cloud-based solutions has been replaced by a widely-held and data-supported faith in the power of cloud security. Office 365 cloud security is no exception. It is found at every level of the platform, from application development to physical data centers to end-user access. The standards to which Office 365 cloud security adheres are the industry’s best and meet the stringent requirements of some of the most security-conscious organizations in the world—from the U.S. government to global financial institutions.
Egnyte has experts ready to answer your questions. For more than a decade, Egnyte has helped more than 16,000 customers with millions of customers worldwide.
Last Updated: 9th January, 2023
