We just raised a $30M Series A: Read our story

Microsoft Cloud App Security OverviewUNIXBusinessApplication

Microsoft Cloud App Security is the #3 ranked solution in our list of CASB solutions. It is most often compared to Cisco Umbrella: Microsoft Cloud App Security vs Cisco Umbrella

What is Microsoft Cloud App Security?

Microsoft Cloud App Security is a cloud access security broker (CASB) that provides multifunction visibility, control over data travel, and sophisticated analytics. With Microsoft Cloud App Security, you can: 

- Manage, control, and audit apps to streamline cloud access security

- Mange your access to resources to discover shadow IT and understand your digital information estate

- Use real-time controls to enable threat protection on all the access points that touch your environment

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security and Compliance Community.

Microsoft Cloud App Security is also known as MS Cloud App Security.

Microsoft Cloud App Security Buyer's Guide

Download the Microsoft Cloud App Security Buyer's Guide including reviews and more. Updated: October 2021

Microsoft Cloud App Security Customers

Customers for Microsoft Cloud App Security include Accenture, St. Luke’s University Health Network, Ansell, and Nakilat.

Microsoft Cloud App Security Video

Pricing Advice

What users are saying about Microsoft Cloud App Security pricing:
  • "I'm not totally involved in the pricing part, but I think its pricing is quite aggressive, and its price is quite similar to Netskope. Netskope has separate licensing fees or additional charges if you want to monitor certain SaaS services, whereas, with MCAS, you get 5,000 applications with their Office 365. It is all bundled, and there's no cost for using that. You only have the operational costs. In the country I am in, it is a bit difficult to get people with the required skill sets."
  • "Its pricing is on the higher side. Its price is definitely very high for a small-scale company. As an enterprise client, we do get benefits from Microsoft. We get a discounted price because of the number of users we have in our company. We have a premier package, and with that, we do get a lot of discounts. There are no additional costs. It only comes in the top-tier packages. Generally, the top-tier license is the best license that you can get for your organization. If you want, you can buy it separately, but that's not a good idea."
  • "The pricing is a little bit high but right now, we are okay with it because of the compatibility with Office 365, Teams, and Azure AD."

Microsoft Cloud App Security Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
RK
Cloud Security & Governance at a financial services firm with 10,001+ employees
Real User
Top 20
Integrates well and helps us in protecting sensitive information, but takes time to scan and apply the policies and cannot detect everything we need

Pros and Cons

  • "The feature that helps us in detecting the sensitive information being shared has been very useful. In addition, the feature that allows MCAS to apply policies with SharePoint, Teams, and OneDrive is being used predominantly."
  • "It takes some time to scan and apply the policies when there is some sensitive information. After it applies the policies, it works, but there is a delay. This is something for which we are working with Microsoft."

What is our primary use case?

MCAS was onboarded for the purpose of detecting shadow IT. As the organization moved towards more SaaS solutions, we wanted to make sure that there is a way to monitor and govern the IT services coming up as shadow IT. We are a very big organization where a lot of services get onboarded, and some of the things may go unnoticed. We wanted to detect the shadow IT software being installed or shadow IT happening within a department or business unit.

We also wanted to make sure that the cloud access security broker provides a DLP kind of solution for Office 365. For example, if I am uploading a document with PI data, MCAS should scan and make sure that the right classification is applied. When the right classification is applied, the document gets encrypted, and relevant information protection is applied. If the right classification is not applied, the users are alerted to make sure that they go and remediate the document, task, file, etc.

This is how we started with this solution the last year. Going forward, as a strategic solution, we are also looking at using MCAS to govern the Office environment. We have started onboarding solutions like Microsoft Teams, SharePoint Online, OneDrive, and Exchange Online. 

Our setup is a mixture of on-premises and cloud solutions. At this point in time, the major cloud providers are AWS and Azure, and we also have on-premises products such as Symantec DLP, Doc Scan, etc.

How has it helped my organization?

There are certain regulatory requirements in our bank for personal data and confidential information that need to be monitored from a security standpoint. It is a regulatory and standard requirement to have such a solution in place. 

MCAS is a dedicated solution for Office 365 and other productivity-related solutions, and it really helps to automate some of the processes. It would have been difficult for us to find a similar product. It gels well with some of the solutions or technologies that we have, especially with Microsoft Azure and Office 365.

From a security monitoring perspective, there is a productivity improvement and fewer human errors.

In terms of user experience, if users mistakenly put PI information or some kind of data, it can detect and alert them. From that aspect, it is doing the job, but we are using it from a security standpoint. I'm more from a regulatory environment, and there are security requirements that are enforced by regulators. So, we cannot provide some of the end-user experience features, and there should always be a balance between the end-user experience and the security standpoint. MCAS is more of a backend security posture product. I won't position it as enhancing the user experience.

What is most valuable?

The feature that helps us in detecting the sensitive information being shared has been very useful. In addition, the feature that allows MCAS to apply policies with SharePoint, Teams, and OneDrive is being used predominantly.

It is a kind of unified solution. As compared to other solutions such as Netskope, Symantec, or McAfee, it provides a more unified reporting structure.

It also integrates with other technologies. We have Azure Information Protection, and it goes well with the solutions that we are already using.

What needs improvement?

It takes some time to scan and apply the policies when there is some sensitive information. After it applies the policies, it works, but there is a delay. This is something for which we are working with Microsoft.

It cannot detect all the things that are required as per our bank's standards. We are working with Microsoft to see how they are going to help us resolve this, and based on NDA, which new features are coming in because we require a unified solution. We have other security solutions that are working on top of it, but we don't want to use multiple solutions and then end up with a human error. From a security perspective, the weakest link is human error. If certain features are monitored by MCAS, certain features are handled by Zscaler, and certain features are handled by Symantec DLP, it becomes difficult to synchronize from an operational standpoint. This is the situation we are in currently, but these issues come with new products or new cloud solutions. We have to slowly orchestrate and see how to unify the solutions. So, at present, it doesn't solve all the problems. There are many problems, but at least, we have other solutions that are currently providing some mitigation.

It doesn't provide any way to scan Microsoft Teams when an external exchange of images is happening. You can always do the filtering on the documents during the chat, but if there is an image, then some kind of OCR capability is required to detect it. At present, there is no way MCAS can go and detect those kinds of images and alert us. They can maybe integrate it with an existing OCR-capable product. This is something that we are absolutely looking into. There should also be a feature to immediately increase the time to detect some PI information being exchanged via chat.

Its reporting capabilities can be better. Currently, to generate reports, you need to have Power Automate in place. If such capabilities are built into the product, it would be easier because when we bring in Power Automate, we need to make sure that Power Automate also gets monitored from the DLP and governance standpoints. MCAS doesn't have many reporting capabilities, and it's really an operational nightmare to get all these things done at this point in time by using MCAS. These are some of the operational capabilities that our engineers require from this solution from the reporting perspective. Symantec and other solutions are more mature in this area. It could be because MCAS is still an upcoming product.

For how long have I used the solution?

We onboarded Office 365 and cloud services less than two years ago. MCAS was one of the strategic and DLP kind of solutions for Office 365 and other productivity products. Because the onboarding of the cloud services is in phases and not everything can be onboarded at the same time and it requires the involvement of different security and project departments, MCAS was onboarded last year.

What do I think about the scalability of the solution?

From an enterprise perspective, it meets most of the interoperability requirements. So, scalability is there. I don't see an issue from the scalability perspective. Only features are missing here and there.

Currently, it is almost serving the entire bank. In terms of the SaaS products that MCAS is monitoring and the number of users it is serving, we have onboarded around 40,000 users for Office 365 and other SaaS products. Eventually, it will be serving the entire bank, but at this point in time, it is only serving all Office 365 and SaaS product users. 

It is more of a cybersecurity solution for the bank to comply with all the security requirements and meet the security quotient. The end users don't see MCAS as a direct solution, but MCAS is providing security services for the bank behind all the services.

How are customer service and technical support?

We have proper help desk support. For example, if someone uploads a document that has PI data and there is an issue, it is highlighted to the user asking them to remediate it. The manager is also copied. The help desk takes care of such things. 

Once the solution is implemented, it is almost auto-run. From the support perspective, it is mostly about why did I get this alert, what was wrong with this document, etc. Such things are usually taken care of by the user because users are responsible for what content they are allowed to load on a particular website, SharePoint site, or software. A robust change management process and help desk are already in place, and I don't see a big concern on this aspect.

Which solution did I use previously and why did I switch?

Previously, we didn't have any cloud product. We only had on-premise products. Our organization joined the cloud around one and a half years ago mainly because of this pandemic situation.

How was the initial setup?

It depends on the requirements. Certain requirements are really complex. The deployment itself is quite fast because MCAS is on the cloud, but there are a lot of requirements from the regulations and the bank's standards perspective.

It took us one week for the architecture and to decide things like whether we need a reverse proxy. To have all the requirements and get all the things done in an enterprise environment, typically, a simple product like MCAS can take three to six months. That's because there are a lot of governance requirements, and we need to make sure there is no PI data, and the keys are encrypted somewhere in the user ID part. 

In terms of the implementation strategy, at the high level, for Office 365 and SaaS solutions, we wanted a unified product to replace our existing one. From the strategy perspective, we wanted to go to the cloud. MCAS was able to integrate with most of our Office productivity tools. We procured the licenses and then went through the strategy of the bank and how the product can meet the needs. This was at a very high level. Of course, when we go into operations, we get operational challenges. That's why we need to have a longer time period to make a product coexist with the existing products.

What about the implementation team?

We have our own department, and they are trained in it. We also engage all sorts of vendors to provide us the results. At least for the interiors, we do not engage a third-party reseller or contractor.  

It was more of an in-house implementation, but Microsoft helped us in coming up with a service design for Azure-related products including Office 365. Based on our requirements and infrastructure, they provided high-level architecture and design documents and told us about the things to be included or considered. We took that service design document and built our operations based on that and got it to work. So, the service design came from Microsoft, but hands-on was by our bank.

In terms of maintenance, this is actually managed by security folks and cybersecurity services. Currently, it is being managed by three people. There are only three operators. Of course, when there are new things to be implemented and new policies to be created, it goes to engineering. For changes, we need one more person on average. So, there are a total of four people.

What was our ROI?

I can't give a specific number. One of the returns on investment is that we will soon be getting rid of our on-premise infrastructure and maintenance. The CapEx costs and repeated hardware refresh cycle are gone. From that perspective, there are savings. All we need is the skill set to maintain and manage a particular cloud access security broker. Today, we have four people, and tomorrow, it could be eight people because of the increase in the number of applications. The bottom line is that we will get rid of all operational issues in terms of patching and fixing different systems. We don't have to patch the Windows systems, Linux systems, etc. All these are taken care of and are maintained in the cloud.

What's my experience with pricing, setup cost, and licensing?

I'm not totally involved in the pricing part, but I think its pricing is quite aggressive, and its price is quite similar to Netskope. 

Netskope has separate licensing fees or additional charges if you want to monitor certain SaaS services, whereas, with MCAS, you get 5,000 applications with their Office 365. It is all bundled, and there's no cost for using that. You only have the operational costs. In the country I am in, it is a bit difficult to get people with the required skill sets.

Which other solutions did I evaluate?

I have been here for just around one year.  When I came, they were already using MCAS. In my previous organization, I made the decision to use MCAS for Office 365. For the entire cloud, I decided to use a dedicated cloud access broker like Cisco. It really depends on the organizational requirement and how they want to size their IT department. 

There are pros and cons. If you are totally on Microsoft products, MCAS has an integration. Otherwise, there are other products that may work better. Of course, you may still be dependent on some APIs from the cloud providers. It really depends on the organization's strategy.

What other advice do I have?

My advice would be that an organization should assess where they are today and then map out what do they want from a cloud access security broker product. After that, they should decide whether MCAS or another product meets their requirements. This is important because you may have all the things in terms of interoperability and a solution may be the best fit from an operational perspective, but if all of the requirements are not met, you may end up using multiple products. Therefore, an organization must assess its current IT infrastructure, where do they want to go, and what are the key requirements from a regulatory and IT governance standpoint. They also have to make sure they have the right skillset in the market. For example, in Singapore, if I want to implement Google Cloud, the skillset is very less as compared to the skillset for AWS.

From a vendor perspective, you should assess the reputability of the vendor and what kind of capability the vendor provides. For example, it's very obvious that Microsoft is very good at integrating its own products. They have now also started to integrate with others. These are some of the aspects you should consider before making a decision between product A or B. There is no magic silver bullet.

From a security standpoint, overall, it has satisfied 80% of our requirements in terms of regulatory and bank standards. For 20% of our requirements, we still need additional products or features. They are currently not really there, and we are trying to find the solution for those gaps. In general, MCAS has a long way to go. It is definitely a good product that integrates with Office 365 Suite very well, but from a capability perspective, other products such as SkyHigh, McAfee, or Symantec have more features. It has the potential. A lot of features are lined up in MCAS, and eventually, they'll be there. These features are mentioned on Microsoft's website, and they are in development. I am looking forward to those.

In terms of data governance, we have a very good tool, and we just need to focus on how to govern the data, DLP policies, etc. We don't have to bother about the physical data center, physical network, or physical host. The entire layer below the server is gone, and we just have to focus on the identity and security aspects. We just need to focus on what kind of security we need to put and which policies do we need to implement. We get better visibility by focusing on the key client endpoints by using MCAS. The team is now really focused. Previously, every day, teams used to come up with issues like, "Network has this problem. Data has this problem, and Host has this problem." Now the focus is, "Hey, this MCAS DLP isn't doing the job." The focus is more on the product's capability.

I would rate Microsoft Cloud App Security a seven out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
SG
Senior Cloud & Security Consultant at a tech services company with 11-50 employees
MSP
Great for monitoring user activity and protecting data while integrating well with other applications

Pros and Cons

  • "The solution does not affect a user's workflow."
  • "The integration with macOS operating systems needs to be better."

What is our primary use case?

If there's any data that is taken out from their corporate applications, on their managed devices, and being taken out and stored somewhere else, on an application that is not managed, they don't have visibility on that.

Therefore, with Cloud App Security, the main use case is to identify information about applications that are way beyond their boundaries and to understand what people are accessing them as well as if those applications are safe or not. It's a Shadow IT discovery solution.

Apart from that, it's a solution used to protect corporate data from being taken out of those applications and being shared externally with people who are not meant to have those documents or data. It's a solution designed to prevent exfiltration and data filtration of corporate data from those applications to unknown people that may happen without proper visibility.

Basically, it's used for two purposes: providing control of the data that is in cloud applications, and shadow IT discovery. That's the major purpose of Cloud App Security.

What is most valuable?

This solution acts as an identity and posture management assessment solution also. When you have your on-prem AD integrated with Defender for Identity, it can understand your identity posture.

It can understand things like your Active Directory spread or the current state of your Active Directory on certain recommended practices. For example, if users in your organization are not using secure log-in methods. If their LDAP authentication is not secure, you'll get that information. That's identity and posture management. For your on-prem AD, if you have the solution deployed, which is Defender for Identity, it'll give you an understanding of your identity state, of your on-prem AD state, and give you recommendations accordingly, on what needs to be changed and managed, to make sure that you're secure.

Apart from that, it also integrates with third-party solutions and services. For example, in an organization with multiple cloud applications. Typically, you don't have visibility over user activities or logs. You don't have control over the data. If a user logs in from one location and then the user logs into that application from another location, you don't have the visibility as you don't have ML and AI capabilities inbuilt. With this solution, once it integrates with those applications, it has inbuilt default functionality of ML and automation. It is able to understand the user's behavior and identify inconsistencies in user accounts, for those applications, and can give you suggestions or raise alerts. 

The solution does not affect a user's workflow. It is not a user-specific solution. Users would not see the change in their usual behavior and their usual activities as such. The user does not really know what's happening in the background. The Cloud App Security is a solution for your whole organization, to make sure that you're monitoring the right activities - for example, those activities that are really uncommon - or specific activities that you want to monitor. The company has the ability to create Cloud App Security policies for sets of users, however, the users themselves do not see or feel the impact. 

An IT administrator manages the solution and it gives them a lot of information. They can see a lot of detail around how other users interact with data and applications across the company, and if anything unusual happens. 

What needs improvement?

The integration with macOS operating systems needs to be better. The Cloud App Security integrates with Windows Defender for Endpoint, which is able to monitor the traffic from Windows 10 operating systems. When it integrates with Defender for Endpoints, the macOS capability does not let you directly see the shadow IT discovery. You have to be in your network, to be able to see if any activity from a macOS operating system is happening. If you're working from home without a VPN connection nowadays, which is the usual case for a remote workplace, you can't really monitor or track the activities in the shadow IT that users are using offsite on macOS operating systems.

The Cloud App Security integration with external DLP solutions is not so seamless. There are solutions that you can integrate with Cloud App Security as an external DLP solution, however, it's not so seamless that you can have the integration with the endpoint. It's there, yet, it's not so seamless and integrable.

For how long have I used the solution?

I've been using the solution for the past five years.

What do I think about the stability of the solution?

It's been stable for the past little while. The improvement has been immense, however, overall, it's a stable solution. It has not changed so much. Of course, the implementation of feature sets and improvements have happened, although they're almost similar. I would say it's a stable solution in general.

What do I think about the scalability of the solution?

An average organization would almost utilize 100 to over 150 applications. They wouldn't really have an understanding of what activities are happening across those corporate applications. You can integrate N number of applications. There are approximately 16,000 plus applications that you can monitor and integrate with Cloud App Security. Then, based on those applications, you can understand the users' behavior.

The benefit you get is that you are able to monitor all your applications and control the data that goes out of those applications. You can also control any sort of activity, which you feel should not be happening on that application. The user can be prevented from doing certain activities. Cloud App Security helps you do that across as many apps as you want.

In terms of users. the default Cloud App Security is just a license-based solution. As long as you have users in your organization, you just buy licenses from Microsoft and assign those licenses to your user accounts. It's very scalable. 

There are a few parts to it. For example, shadow IT discovery, which is an added feature that allows you to be able to implement additional users in your organization. The Cloud App Security will also require additional infrastructure. Let's say if the data set that Cloud App Security is absorbing at a particular time span, if it increases, then you probably have to implement additional on-prem resources or cloud resources for it to be able to track all of the network data.

Depending on the data set that you're ingesting in Cloud App Security, you might have to increase your workload on-prem. Other than that, Cloud App Security itself is a very scalable solution.

When it comes to the size of organizations I've worked with, I should note I am personally a Microsoft consultant only. I work on Microsoft projects and with Microsoft's clients only. I've worked with organizations with 15,000 users and an organization that has approximately 6,000 users. I've worked with organizations that have 500 users. The size of the company varies.

How are customer service and support?

Microsoft has different support tiers. If it's Pro support I would rate it at a seven or seven-and-a-half at a maximum. There are Premier support services and there are Professional supports, another type of support service. Premier support service is very good. I would rate that at an eight-and-a-half or nine. 

Pro support is if you buy a basic license for an organization. It's not so great and yet still good. For Pro support, you usually do not get routed to Microsoft people. Those are generally people who are third-party support service providers.

The problem is, specifically in India, it's also specific to locations, as sometimes if you're working in a different location, you get different support. As I mentioned, it's third-party support usually that you get with Cloud App Security or any Microsoft solution Pro support.

The level of knowledge you get is totally dependent on how the organization and how the third-party service provider is. Usually, there are time delays. Sometimes their initial response will happen, and then they will take time in responding back and/or aligning a resource. Sometimes that resource is not technically advanced or technically skilled and can't fully understand the problems at hand. In that case, they require escalating most of those cases to the technical consultants. If it's a typical question, a typical scenario, I would say it's good. Cloud App Security is a beast of a product, so the major issue is with the Pro support.

If it would have been directly with Microsoft, this help has been really good, however, it's a third-party service provider who's helping you out, and they just don't have the insights an actual Microsoft user has. 

Which solution did I use previously and why did I switch?

I don't have any experience working with a third party or a competitor of Cloud App Security, however, I know there is one called McAfee, which is supposed to be equally good.

McAfee offers a cloud app security service that is very, very good and close to what Microsoft offers. That is what I understand from customers and the discussions I've had surrounding it, though I have not really worked on McAfee. What I understand from customers is, Cloud App Security, the integration, the capabilities that it has to offer, are much more advanced. For example, Microsoft's identity posture assessment. There is no solution in Europe, anywhere, which offers such a capability. It's an integrated solution with Defender for Identity, however, it's a service that Cloud App Security at least offers, which otherwise would not be available.

Similarly, integration with the number of applications, as I mentioned, is great with Microsoft. The capability for you to monitor and route your traffic for all of these different applications, and to be able to analyze the traffic from those corporate applications is important.

The reverse proxy capability that Microsoft Cloud App Security offers is really good. It lets you track anything in real-time, and monitor all those things, which is not possible using other solutions.

How was the initial setup?

The initial onboarding of Cloud App Security with Office 365 is pretty straightforward. For an organization that does not use Office 365 as its primary SaaS application, you will still have to follow a few steps, however, those are also straightforward steps.

In general, I would say, Cloud App Security implementation, within the initial adoption of an application, is very seamless. 

The time it takes to deploy depends on the use cases. If you're talking about a simple activation of Cloud App Security, and enabling and monitoring the activities of certain basic applications, it shouldn't take more than a few hours for integration. If there are more complex situations, more complex scenarios, depending on what the scenarios are, then there may be a little bit more effort and time required. Other than that, if the default integration with applications is already there, it should not take more than a few hours to have it up and running.

What's my experience with pricing, setup cost, and licensing?

I've worked with almost eight to 10 customers using Cloud App Security. This is Microsoft Cloud App Security. Cloud App Security has two offerings. One is Office 365 Cloud App Security, which is a basic cloud app security. Then there is Advanced Cloud App Security which is called Microsoft Cloud App Security.

The Office 365 one, the one which you get with E5 licenses, it'll give you basic Office 365 monitoring and snapshot reports, but not a whole lot of capabilities.

That said, I don't have any information about the actual costs of the license themselves. 

What other advice do I have?

I deploy this solution. I don't utilize this solution as a solution for my organization, and instead, deploy this solution for clients. I'm a consultant for this product. My company is a Microsoft partner. 

This is a SaaS application.

I would advise new users to first try to identify the applications which are corporate-owned applications, be it if it's an on-prem application or if it's a cloud application. Once you identify all those applications which you're using in your organizations as a whole, you should try to integrate all those applications with Cloud App Security. 

Once you've started integrating and planning ahead what applications are needed to be monitored first, start integrating those applications and monitoring them. Slowly, integration after integration, all the monitoring will start happening.

Once the integration for those applications has happened, you should go ahead and start implementing what kind of policies you want. If you want activity monitoring policies, then you should start creating those activity monitoring policies. Let's say you want to apply DLP policies for third-party applications. You will need to reach out to those different teams who'll be able to give you better answers as to how to approach the data that is being shared or being uploaded from those applications to any other applications.

Based on that, create those policies in Cloud App Security. The correct and the right approach is to use the network appliances that you have in your organization. Once you have identified that information, you can go ahead and start implementing the Cloud App Security and start integrating those network appliances and those applications with Cloud App Security.

Overall, I would rate the solution at an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Learn what your peers think about Microsoft Cloud App Security. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
541,708 professionals have used our research since 2012.
Savad Siddeeque
Office 365 Consultant at Danfoss
Consultant
Top 20
Integrates with many applications and provides robust threat protection and tailor-made recommendations to improve your environment

Pros and Cons

  • "Threat detection is its key feature, and that's why we use this tool. It gives an alert if a PC is attacked or there is any kind of anomaly, such as there is a spike in sending emails or we see an unauthorized website being accessed. So, it keeps us on our toes. We get to know that there is something wrong, and we can isolate the user and find any issues with it. So, threat detection is very robust in this tool."
  • "The response time could be better. It will be helpful if the alerts are even more proactive and we can see more data. Currently, the data is a little bit weak. It is not complete. I can't just see it and completely know which user or which device it is. It takes some effort and time on my part to investigate and isolate a user. It would be great if it is more user-friendly or easy for people to understand."

What is our primary use case?

We use it in our company for threat detection. My company is into manufacturing, and our IT support is within premises. We don't do client services.

It is a SaaS solution. It is not supported on-premises. The deployment that we have is purely cloud-based.

How has it helped my organization?

Cloud App Security is an ever-evolving technology. It is based on artificial intelligence. It uses some data sets that capture all the tools within Office 365 package. It collects all the data majorly in the Office 365 space, and it understands the usage. Across the globe, there might be millions of Microsoft users, and it tries to capture all the data cumulatively and see any anomalies. That is how Microsoft gives you the data. They study different types of organizations in terms of how they behave, what kind of security loopholes can be found in them, and then they give you recommendations. You just implement these recommendations to secure the environment. So, what you get is a tailor-made solution where you can find all recommendations because it is based on artificial intelligence. They give you a tailor-made recommendation to improve your environment. They might recommend multifactor authentication, role-based access, etc. They provide you the classical representation on which users we can target and safeguard more.  All these things are very useful. That's how this tool is helping Microsoft customers, and this is how we have also been using it.

My company relies upon this technology. For us, it is very critical to know any attack beforehand and be prepared for it. In our environment, there are many endpoints, and many devices interact. We have an email system, a storage system, and other systems. The beauty of Cloud App Security is that it can learn data from different applications. For example, Adobe is an application that I'm integrating with Office 365. So, I can expand my horizon of search to that tool and see how that interacts with us. I will get more real-time data, and I will know more use cases about it.

What is most valuable?

Threat detection is its key feature, and that's why we use this tool. It gives an alert if a PC is attacked or there is any kind of anomaly, such as there is a spike in sending emails or we see an unauthorized website being accessed. So, it keeps us on our toes. We get to know that there is something wrong, and we can isolate the user and find any issues with it. So, threat detection is very robust in this tool.

We can integrate any SaaS-based application with it. It can scan your network and physical devices and the software that you're using. It tries to fetch cumulative data when there are any authentication-related attacks or any network-related attacks and gives us some kind of intimation. We get real-time graphical data, and then we need to do our work to solve the problems.

The product is great. The major benefit is that it is a Microsoft tool. So, if you're in a Microsoft ecosystem, this is the best tool that you can get in the market. In terms of experience, it is unlike any other tool. It is good enough to do all the jobs that other tools are doing. So, you don't need any other tool if you are using it in a Microsoft ecosystem. 

What needs improvement?

The response time could be better. It will be helpful if the alerts are even more proactive and we can see more data. Currently, the data is a little bit weak. It is not complete. I can't just see it and completely know which user or which device it is. It takes some effort and time on my part to investigate and isolate a user. It would be great if it is more user-friendly or easy for people to understand.

If it is an Office 365 product, I expect it to be in the admin center. That way I would know that this is a part of Office 365. It feels like there is a mismatch, or they are trying to separate the product or do something like that. They should have streamlined the product.

It is not always accurate. Sometimes, there could be some hiccups, and you see false positives, but security is not always reliable, and you cannot depend on one tool to give you all accurate results. It gives me a report that I can see, and if needed, I can act proactively on something. If it is a false positive, it is fine. If it is not, we know that we have done something about it.

For how long have I used the solution?

We implemented it probably in 2019.

What do I think about the stability of the solution?

It is a new thing for Microsoft, and it still has a lot of room to improve.

What do I think about the scalability of the solution?

It is completely scalable out-of-the-box. It is completely in interaction with Office 365 services. It can go up to as many users as you have. So, if you have 100,000 users, it is capable of supporting them. I have some 50,000 users, and I'm happy that it is capable of doing that. We have implemented it 100%, and we are happy with what we have got.

It is good for an enterprise company. It is not for a small-scale business. 

How are customer service and support?

We don't require support frequently. I would rate them a seven out of 10. If you have a critical situation, you cannot expect them to give you a call immediately. My experience has not been so great with their paid support in terms of time. Sometimes, they don't even call you back, but when you do get support from them, they are excellent. So, you can't rely on them, and their response time can be improved, but their documentation is good enough. We can read the documentation and help ourselves.

Which solution did I use previously and why did I switch?

Before this, my company had some tools, but I'm not sure about them. They probably heavily relied upon Splunk and other APM tools. They have had this tool from the time I have been here. Personally, I haven't worked on technologies outside of Microsoft.

How was the initial setup?

It is very easy if you know what you're doing. You just click on the Next button multiple times, and it is complete. It is well-documented in the sense that we know what we can expect from the tool. The documentation is great, and the support is also excellent. So, my experience was very smooth, and it was done in a day.

It does not work on every license. You have to be an Enterprise customer, and you have to have a specific license to have the full benefits of it. So, you require the correct license, and you also need a certain amount of time for it to propagate. It is not immediate. Based on what we were told by Microsoft a few years ago, it takes 24 to 48 hours. They might have improved upon that. It tries to capture the complete environment details, and then it gives you a cumulative experience.

We work around the clock. We have six admins at different time zones who work with this solution.

What's my experience with pricing, setup cost, and licensing?

Its pricing is on the higher side. Its price is definitely very high for a small-scale company.

As an enterprise client, we do get benefits from Microsoft. We get a discounted price because of the number of users we have in our company. We have a premier package, and with that, we do get a lot of discounts. There are no additional costs. It only comes in the top-tier packages. Generally, the top-tier license is the best license that you can get for your organization. If you want, you can buy it separately, but that's not a good idea.

This tool alone is not a great investment, but when you get it as a part of the package from Microsoft, it is good. Along with Microsoft Teams, Office, Exchange, SharePoint, and other solutions, this added feature of an extra layer of security makes a lot of sense. If you are only using this tool, and it is not in a Microsoft ecosystem, then it is not worth it.

What other advice do I have?

For Office 365 environments, there is a great add-on benefit that comes with the Microsoft licensing package. If you have a Microsoft ecosystem, you can get it, and there is no need for any other tool. If you're not in a Microsoft ecosystem, don't bother buying it. It is a good competitor to other products such as Splunk. 

It has not affected our end-user experience in any way. The reason being this is an admin-oriented program, and it does not involve any end user. It just collects data from end-users and gives it to us. After that, it is up to us to act upon it. It does not do anything on its own. It is a threat detection tool, and it doesn't do anything on its own. We have to act to resolve a problem. For example, it will only say, "There is a user who is doing this. Do you want to act upon it? Yes or no?" Based on that, as an admin, we can do certain tasks remotely. The end-user will not know about it. We will see if there is a real threat, and we'll act upon it.

I would rate it a 10 out of 10. It is improving, but it still needs more improvements.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
SJ
Cyber Security Engineer at a tech services company with 10,001+ employees
Real User
Built-in templates provide security posture recommendations

Pros and Cons

  • "There are a lot of features with benefits, including discovery, investigation, and putting controls around things. You can't say that you like the investigation part but not the discovery. Everything is correlated; that's how the tool works."
  • "Currently, reporting is not very straightforward and it needs to be enhanced. Specific reports are not included and you need to run a query, drill down, and then export it and share it. I would love to have reports with more fine-tuning or granularity, and more predefined reports."

What is our primary use case?

It's used for data governance and security. It's a cloud security tool providing very good discovery around whatever is happening in your organization, such as what users are doing on the internet and how data is flowing out of your organization. It is then used to put controls around what information can go out, who downloads what, and how much they can download. It helps put controls around these types of things to create secure collaboration between your organization and its partners, customers, and vendors.

It's a SaaS platform. It's not like hardware or software where you install new updates or new versions. It's controlled by Microsoft in the backend.

How has it helped my organization?

They have made built-in templates. If you integrate your AWS account with Microsoft MCAS, using the predefined templates it will scan all the functionalities that are available or accessible after the integration. It will then provide security posture recommendations around issues such as how many buckets you have publicly available, what data is not encrypted, what is publicly available and insecure, and which devices are not backed up. It helps you to understand your security posture and to enhance it.

And when it comes to secure collaboration, if you have information that you have already restricted and you don't want it to be shared outside of your organization, with the help of MCAS session policies you can put controls around it. It's integrated with storage solutions and you can put the controls around things using labels such "classified," "restricted," or "confidential."

Another scenario where MCAS is helpful is when people are leaving your organization soon. It can happen that they hide and start downloading certain documents and files. MCAS can help identify mass downloads or mass uploads and what the user is doing. That kind of detailed analysis is available to senior management or the security team so that they can take whatever steps are necessary.

What is most valuable?

There are a lot of features with benefits, including

  • discovery 
  • investigation
  • putting controls around things.

You can't say that you like the investigation part but not the discovery. Everything is correlated; that's how the tool works. Once the discovery of everything you feed into it is done, it gives you a nice dashboard. You can then plan what needs to be controlled and governed, and what should not be accessible in your environment.

It's quite well integrated with all Microsoft services, like Information Protection, Azure Portal, and Azure IoT, among other things. There are also integrations with AWS and Salesforce.

What needs improvement?

Although they are already doing it, I would like to see more integration with market leaders like Slack.

Another area that can be improved is to provide more reporting functionality. Currently, reporting is not very straightforward and it needs to be enhanced. Specific reports are not included and you need to run a query, drill down, and then export it and share it. I would love to have reports with more fine-tuning or granularity, and more predefined reports.

For how long have I used the solution?

We have been using Microsoft Cloud App Security for at least the last two and a half years. We are a Microsoft partner. We do everything for their products, from design to implementation.

What do I think about the stability of the solution?

It's stable. It's more stable than other Microsoft services. In my two and a half years of experience with MCAS, there have only been two times that it went down and was not accessible to us. The services, policies, and controls were there. It was just that we were not able to access them. 

Whatever Microsoft has committed to in terms of stability, "99 point something," is pretty much true.

What do I think about the scalability of the solution?

It's a SaaS solution so the scalability depends purely on the organization: How many applications do they want to integrate with it and do they have the corporate licenses? MCAS itself is scalable. You don't need to deal with servers, or RAM, or finding a new data center. Scaling it is purely up to you and depends on how much data you want to feed it and on the use cases you want to use it for.

How are customer service and support?

I use Microsoft tech support at the highest levels. The experience with their tech support, as a partner, purely depends on what kind of contract you have and what kind of a relationship you have. If you have a very good relationship, you get responses when you need them. But when you talk about bugs or you are asking for a feature, you have to wait for their product life cycle. Overall, their support is good. Not average, but not excellent.

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial setup of Cloud App Security is quite straightforward. It's not complex. Microsoft's documentation around it is absolutely great. It guides you through the settings you need to configure and whatever apps you need to integrate. There is no difficulty in getting it up and running. It is more seamless than any other solution. It is even easier to run on Windows machines because the documentation is very good. They have very clearly described what needs to be done.

Once you have all the requirements, like your user account and license, a person can configure it in a day because it's a SaaS solution. But the time it will take depends on the fine-tuning, and that is determined by why you are using MCAS. That's the important part. If you're looking at user behavior, or if you're looking at data, or if you're looking at infrastructure security posture, each of these will affect the time it takes. If it's just for shadow IT, it will take one or two days to configure. If you're integrating it with AWS to help with your security posture, it will take three or four days.

One engineer who has prior experience is more than enough, but having two guys for setup might be better.

Day-to-day maintenance, again, depends on how you are going to utilize it. If you already have a SOC running with four or five people in it and your environment is small to medium in size, five people can use this tool and get value out of it. If you are talking about an organization like Walmart or Microsoft or a multinational company that has users across regions, you will need more people to support it. MCAS is a tool. It will have the data, but you will need to use it.

What was our ROI?

I'm not involved with the cost side of the solution so I don't know how much has been invested in MCAS. But where it's adding value is around the controls. I'm sure there are savings in that regard.

Which other solutions did I evaluate?

I have not implemented any other solutions, but I looked into Zscaler cloud security. Because Zscaler is an independent company, it doesn't have that many solutions with Microsoft. A cloud app security solution should have native products as well as integration with many other products. On that point, Microsoft is way ahead. For example, 80 percent of the world is using Office 365 for email services and 60 percent are using SharePoint for information sharing. Because these tools are Windows products, the controls become easy to implement.

What other advice do I have?

My advice is to use it to its fullest capabilities. It has a lot of features and it is being enhanced daily. It's a full engine that you can use to discover all your assets in the cloud, whether they are on a public cloud or a private cloud. Every month or every quarter, look at what's new and how you can leverage it. You're already paying for those enhancements so use them, fine-tune them, and optimize them. The tool has a lot of capabilities. A lot of people only utilize it for information protection or tracking user activity or for their cloud-based security posture. Use it all. There's a lot in it.

MCAS is not a tool that interacts with end-users because there is no client. They don't know that MCAS is in the picture, so it doesn't impact the end-user.

The biggest lesson I would take from the use of Microsoft Cloud App Security is that you are being monitored. Do not use your professional device for personal use because there are more eyes and controls around.

In addition, the way you use MCAS is that you discover and then you put the controls in place to govern things. That's how any other security tool works. You first put it in learning mode to see what will happen. For example, If I put in this or that control, how much will it impact my end-users? In those terms, MCAS has been really nice.

If you have a lot in the Microsoft environment or AWS or Google Cloud, it's going to help you a lot.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Roos Joakim
Business System Analyst at a tech company with 201-500 employees
Real User
Top 20
Good logging, offers a single pane of glass for administration, and has effective anti-spam capabilities

Pros and Cons

  • "Better logging allows us to find problems and take appropriate steps to lock them out."
  • "In the future, I would like to see more plug-and-play capabilities that use AI to tell you what needs to be done. It would be helpful if it scanned our devices and made security suggestions, on a configuration basis."

What is our primary use case?

Our primary reason for implementing this product is to deal with spam email.

How has it helped my organization?

In general, this product helps to best secure our network.

It has features that help to improve our security posture that include better logging and better detection of threats. Since implementing it, we have been finding more malicious emails and files. Better logging allows us to find problems and take appropriate steps to lock them out.

We really like the fact that we have a single web-based pane of glass for administration. We can use our Azure Active Directory accounts to access it, and we don't need a local application.

What is most valuable?

The most valuable feature is the anti-spam capabilities.

What needs improvement?

Since implementing this solution, we have had more support calls regarding false positives. This means that we have had to do a little more work finding these issues, although it is getting better. It is just a matter of fine-tuning the system at this point.

The false positives we have experienced so far are rare and have come from customer-specific programs. I can't say that it would be easy for Microsoft to solve them. Fortunately, we have not had any false positives for known software.

In the future, I would like to see more plug-and-play capabilities that use AI to tell you what needs to be done. It would be helpful if it scanned our devices and made security suggestions, on a configuration basis. For example, it could make more suggestions that include specific points, or offer to have something configured in the standard way.

For how long have I used the solution?

We have been using Microsoft Cloud App Security for approximately three months.

What do I think about the stability of the solution?

Stability-wise, so far, I'm satisfied and it works well. We haven't had any issues that I attribute to Microsoft. There were a couple of days where we had problems logging on but I think that it was related to an issue with SolarWinds. My understanding is that some sites were shut down and a lot of companies had the same problem.

What do I think about the scalability of the solution?

At this point, we have not had the need to scale up or scale down. We have approximately 250 devices that we are protecting.

How are customer service and technical support?

We have not needed to contact technical support.

Which solution did I use previously and why did I switch?

We were using F-Secure before implementing Microsoft Cloud App Security, and we are still using it. In fact, it is just another layer of protection. If in the future we see that the Microsoft product is good enough, then we might stop using F-Secure. However, that is not the plan at the moment.

The main reason that we chose this product is for its good compatibility with Office 365 and Azure Active Directory.

How was the initial setup?

The initial setup was pretty straightforward. There were some Azure Active Directory options that we needed to tweak before we got everything running properly.

Our deployment took approximately one month to complete. Part of this time was spent adjusting for false positives.

We followed a step-by-step process for deployment where we started with the computers in our location, then moving to other devices. After our location was complete, we moved to other offices.

What about the implementation team?

We set it up with the help of an external consultant. The company sold us the product, set it up, and we use it. We have an ongoing support contract with them. Our experience with them was good and the consultant's knowledge of Microsoft products was very good. They are a Microsoft partner.

We are still learning the product and over time, we are getting more versed in it. There are two of us, myself and my colleague, responsible for the maintenance. We are both system administrators.

What's my experience with pricing, setup cost, and licensing?

The pricing is a little bit high but right now, we are okay with it because of the compatibility with Office 365, Teams, and Azure AD. These features make it worth the cost.

Which other solutions did I evaluate?

We did not evaluate other options before choosing this one.

What other advice do I have?

My advice for anybody who is implementing this product is to get assistance with deployment from somebody who can help you. Don't do it by yourself, if you're not a reseller for it. As a company, get somebody who has experience with the product.

In summary, we have just begun using this product but so far, it works well and we are satisfied with it.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
GB
Enterprise System Engineer at a government with 501-1,000 employees
Real User
Top 20
We have become more aware of what services our users are using and how often they are using them

Pros and Cons

  • "We have become more aware of what services our users are using, how often they are using them, and what data is being sent out of the organization and to which services. So, it is really a lot about visibility and helping us make decisions based on that. It drives some of our policy decisions for adding extra security controls."
  • "They should continue integration with all other Microsoft security-related products. The integration with all the other products is still ongoing."

What is our primary use case?

The use case is for getting visibility over cloud applications that our users are consuming, how they consume it, and using the protection which comes with Cloud App Security with that visibility. It provides monitoring and visibility into cloud apps that our users are using and has ;a layer of security wrapped around that. It identifies malicious activity, if it's occurring, and provides overall protection of our company data from things like data exfiltration and all the other integrations that it has with other Microsoft security products.

It is protecting approximately 800 users. We have four other sources feeding into it from other products that we use. We have several thousand applications for which we get reports and visibility.

It is one of our core tools for monitoring and managing our security posture. In the future, I don't see that changing much. At this stage, I think we are at a good level of how we are using it.

How has it helped my organization?

It has helped identify areas where we should improve, make changes to improve, the reason why we should make a change, and the impact of making the change. So, it helps drive us to make changes and see the benefits of those changes.

We have become more aware of what services our users are using, how often they are using them, and what data is being sent out of the organization and to which services. So, it is really a lot about visibility and helping us make decisions based on that. It drives some of our policy decisions for adding extra security controls.

It has all been very seamless to our users. It indirectly positively impacts them because we are keeping them more secure. No one has been saying, "Because we are using this product, it is slowing me down or causing me problems." As standard users, they wouldn't really need to know that this solution exists. They just rely on us to keep them safe.

What is most valuable?

  • Helps us have a view into our overall security posture and how we can improve it. 
  • The ability to perform investigations is very useful. 
  • Identifying the number of applications, particularly connected via OAuth. 
  • Has great, general overall visibility of who is using what and how. 
  • We are using it as an indicator for any indicators of compromise that might be coming up.

Identity security posture points out a preset number of security posture improvements, or areas of focus, and whether they are being met. It also points out what changes need to be made in order to meet them. Therefore, we can have better security posture.

There is a feature called security configuration. This is across the whole Microsoft set of products regarding what changes can be done. Specifically within a product, we use it to improve the security posture by making changes.

What needs improvement?

They should continue integration with all other Microsoft security-related products. The integration with all the other products is still ongoing. However, the solution has already begun scaling to meet the needs of getting visibility through from other products as well.

For how long have I used the solution?

About three years.

What do I think about the stability of the solution?

The stability has been fantastic. I have no complaints at all. It has been 100%.

What do I think about the scalability of the solution?

The scalability is really good. It has improved while I have been using it. It definitely appears to be able to scale easily and well. 

How are customer service and technical support?

The technical support is very good. They are responsive, knowledgeable, and skilled. We have great communication with them.

Which solution did I use previously and why did I switch?

This is the only CASB product that I have ever used.

How was the initial setup?

Anecdotally, I believe the initial setup is quite straightforward.

What about the implementation team?

According to the person who originally set up the solution in our organization, but has since left, it was originally straightforward to set up.

My colleague and I share the day-to-day maintenance for one person. It needs only a few hours a day to get a lot out of it. 

What was our ROI?

We have seen ROI. Its main capabilities are:

  • The protection that it gives.
  • Visibility
  • The protection for cloud products. 
  • It helps with the improvement of our overall security posture.

What other advice do I have?

Make full use of all the options available and focus a lot on policies. There are a lot of policies and alerts available which might not be used to their fullest extent. 

We are pretty happy with how it all works and fits together.

I would rate this solution as a solid nine (out of 10). The product is constantly improving. It has a low amount of false positives, i.e., true alerts identified as requiring attention.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
AA
Delivery Practice Director at a computer software company with 201-500 employees
MSP
Top 5Leaderboard
Enables us to sanction applications of our choice and prevent users from using them

Pros and Cons

  • "The ability to prevent users from using certain applications is one of the most valuable features. It doesn't require any configuration for implementation from the client perspective. It just works right away and gives you the information you need."
  • "I believe it's only set to be integrated with Microsoft Defender for identity and identity protection. I would like to see it available for use with something like Office 365 Defender. I don't think it's integrated with that yet."

What is our primary use case?

One thing our clients want to know is what cloud applications their users are using. When you enable Cloud App Security, you can sweep up all the applications that the endpoint is using, such as Dropbox, Box, or OneDrive. 

At Microsoft they use OneDrive and would probably want to restrict it to just that, unless there was a compelling reason to use a third-party application. With Cloud App Security, you can find all the users who are using Dropbox, for example, and then you can sanction those applications and prevent users from using them.

We also use that for alerting and creating policies for notifications and alerts.

What is most valuable?

The ability to prevent users from using certain applications is one of the most valuable features. It doesn't require any configuration for implementation from the client perspective. It just works right away and gives you the information you need. There are other features that you do need to configure. For example, the capability of the solution to discover the apps.

Another helpful feature is that you can add some connectors, not only from Office 365 and Azure, but external connectors. If you have logs from Palo Alto or Cisco, from  Barracuda, Checkpoint, or SonicWall, you can ingest them into Cloud App Security. It integrates well with third-party vendors.

What needs improvement?

There were things that were lacking but they are available in the newer version, such as an integration with the threat protection that Microsoft has with Microsoft Defender. However, I believe it's only set to be integrated with Microsoft Defender for identity and identity protection. I would like to see it available for use with something like Office 365 Defender. I don't think it's integrated with that yet.

For how long have I used the solution?

I have been working with Microsoft Cloud App Security for three or four years.

We're a Microsoft partner, so we do pretty much anything Microsoft, including security, endpoints, and cloud. We don't do website or application development. We focus on architecture, infrastructure, security, and delivery.

What do I think about the stability of the solution?

It is stable. I haven't seen it go down.

What do I think about the scalability of the solution?

You don't have to worry about the scalability because it's a SaaS application. As you add logs and data sources, it builds up. But you don't have to worry about the scalability because it's in the backend.

How are customer service and support?

It's a little bit hard to deal with Microsoft tech support, especially on Cloud App Security. It's hit and miss. It depends on your type of support. If you have premier support, you get an okay type of response. They definitely need to up their tech support. There should be some improvement in that regard.

How was the initial setup?

The initial setup is simple because it's software as a service. You don't build a server and you don't do upgrades. There is no OS. It's built into the cloud. All you have to do is purchase the license.

In terms of maintenance, it's all Microsoft. All you need it to do is configure it so that it will work for your unique environment, according to your organization's requirements. There is nothing else to worry about.

What's my experience with pricing, setup cost, and licensing?

It comes as part of a bundle. If you have the Microsoft 365 license called E5, it comes with that. Otherwise, if you're going to buy it a la carte, the pricing can vary. Because we're a Microsoft partner, we get discounted pricing.

What other advice do I have?

It doesn't require a long configuration process. There's no testing. You just need to tailor it to suit your organization's needs in terms of the data and the information that you want to get. In terms of discovering apps, it works pretty much out-of-the-box. It presents you with the data. The only decision that you need to make is whether to sanction an application. And then you have to sanction it and set up an alert if users are using a sanctioned application.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Babrubahan Das
Sr. Technical Engineer/ Sr. Executive at PSR
Real User
Top 10
Enables us to protect our organisation's data and has good support

Pros and Cons

  • "All of the features are valuable because all of the features are related."
  • "I would like for it to be available on Mac and for it to support all of the features of Microsoft financing products. It is really for Windows."

What is our primary use case?

We use it to protect our organization's data. It has the ability to create and can copy-paste for the end-user. You can take a screenshot from your mobile devices and download some confidential things. After creating the policy you can be assured that a user's data is being protected

We give devices access within a particular device that the user is accessing. We are also certain that there is no chance of scamming or that an email account can be hacked.

We also create a password policy. Whenever the end-user wants to download anything or wants to access anything there has to be some security. It secures the customer's data in their organization. 

What is most valuable?

All of the features are valuable because all of the features are related. 

What needs improvement?

I would like for it to be available on Mac and for it to support all of the features of Microsoft financing products. It is really for Windows.

For how long have I used the solution?

I have been using Microsoft Cloud App Security for the last three years. 

What do I think about the stability of the solution?

The stability is good. 

What do I think about the scalability of the solution?

It is very easy to expand it and it is also very easy to manage because it has a centralized dashboard. You can see all of our teams and activate the software. Any person can export a report. It's very easy to access for me.

Our clients are enterprise-size. 

How are customer service and technical support?

Support is very good. If we have any problems, Microsoft will drop us an email and suggest that the server cannot be accessed due to some maintenance.

How was the initial setup?

The initial setup is straightforward. You only need to set up the policies. The devices need to be compliant and particular applications have to be protected. 

It generally requires two staff members to deploy but it depends on the management. It depends if the IT staff or the customers understand the process. The only difficult part is pairing it to a mobile device. To my understanding, it's the only part that the IT staff has to handle. 

Setting up the policy is easy and then it's easy to replicate the policy. It takes maximum two hours. 

What's my experience with pricing, setup cost, and licensing?

Customers are looking to protect their data and to protect their organization's files. For this, we offer them a package but the price is very high. This particular product, the Indian product, is running very well in the US and UK. 

What other advice do I have?

It is certainly a good product. It is important to get a cloud-based product so that if you want to manage it remotely, you can work on a PC that is ready for that mission then.

I would rate it an eight out of ten. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner