We just raised a $30M Series A: Read our story
2019-12-30T06:00:00Z

What advice do you have for others considering Microsoft Cloud App Security?

5

If you were talking to someone whose organization is considering Microsoft Cloud App Security, what would you say?

How would you rate it and why? Any other tips or advice?

ITCS user
Guest
88 Answers

author avatar
Top 20MSP

I deploy this solution. I don't utilize this solution as a solution for my organization, and instead, deploy this solution for clients. I'm a consultant for this product. My company is a Microsoft partner. This is a SaaS application. I would advise new users to first try to identify the applications which are corporate-owned applications, be it if it's an on-prem application or if it's a cloud application. Once you identify all those applications which you're using in your organizations as a whole, you should try to integrate all those applications with Cloud App Security. Once you've started integrating and planning ahead what applications are needed to be monitored first, start integrating those applications and monitoring them. Slowly, integration after integration, all the monitoring will start happening. Once the integration for those applications has happened, you should go ahead and start implementing what kind of policies you want. If you want activity monitoring policies, then you should start creating those activity monitoring policies. Let's say you want to apply DLP policies for third-party applications. You will need to reach out to those different teams who'll be able to give you better answers as to how to approach the data that is being shared or being uploaded from those applications to any other applications. Based on that, create those policies in Cloud App Security. The correct and the right approach is to use the network appliances that you have in your organization. Once you have identified that information, you can go ahead and start implementing the Cloud App Security and start integrating those network appliances and those applications with Cloud App Security. Overall, I would rate the solution at an eight out of ten.

2021-08-31T14:25:00Z
author avatar
Top 20Consultant

For Office 365 environments, there is a great add-on benefit that comes with the Microsoft licensing package. If you have a Microsoft ecosystem, you can get it, and there is no need for any other tool. If you're not in a Microsoft ecosystem, don't bother buying it. It is a good competitor to other products such as Splunk. It has not affected our end-user experience in any way. The reason being this is an admin-oriented program, and it does not involve any end user. It just collects data from end-users and gives it to us. After that, it is up to us to act upon it. It does not do anything on its own. It is a threat detection tool, and it doesn't do anything on its own. We have to act to resolve a problem. For example, it will only say, "There is a user who is doing this. Do you want to act upon it? Yes or no?" Based on that, as an admin, we can do certain tasks remotely. The end-user will not know about it. We will see if there is a real threat, and we'll act upon it. I would rate it a 10 out of 10. It is improving, but it still needs more improvements.

2021-08-29T10:56:00Z
author avatar
Real User

My advice would be that an organization should assess where they are today and then map out what do they want from a cloud access security broker product. After that, they should decide whether MCAS or another product meets their requirements. This is important because you may have all the things in terms of interoperability and a solution may be the best fit from an operational perspective, but if all of the requirements are not met, you may end up using multiple products. Therefore, an organization must assess its current IT infrastructure, where do they want to go, and what are the key requirements from a regulatory and IT governance standpoint. They also have to make sure they have the right skillset in the market. For example, in Singapore, if I want to implement Google Cloud, the skillset is very less as compared to the skillset for AWS. From a vendor perspective, you should assess the reputability of the vendor and what kind of capability the vendor provides. For example, it's very obvious that Microsoft is very good at integrating its own products. They have now also started to integrate with others. These are some of the aspects you should consider before making a decision between product A or B. There is no magic silver bullet. From a security standpoint, overall, it has satisfied 80% of our requirements in terms of regulatory and bank standards. For 20% of our requirements, we still need additional products or features. They are currently not really there, and we are trying to find the solution for those gaps. In general, MCAS has a long way to go. It is definitely a good product that integrates with Office 365 Suite very well, but from a capability perspective, other products such as SkyHigh, McAfee, or Symantec have more features. It has the potential. A lot of features are lined up in MCAS, and eventually, they'll be there. These features are mentioned on Microsoft's website, and they are in development. I am looking forward to those. In terms of data governance, we have a very good tool, and we just need to focus on how to govern the data, DLP policies, etc. We don't have to bother about the physical data center, physical network, or physical host. The entire layer below the server is gone, and we just have to focus on the identity and security aspects. We just need to focus on what kind of security we need to put and which policies do we need to implement. We get better visibility by focusing on the key client endpoints by using MCAS. The team is now really focused. Previously, every day, teams used to come up with issues like, "Network has this problem. Data has this problem, and Host has this problem." Now the focus is, "Hey, this MCAS DLP isn't doing the job." The focus is more on the product's capability. I would rate Microsoft Cloud App Security a seven out of 10.

2021-06-15T01:09:00Z
author avatar
Real User

Make full use of all the options available and focus a lot on policies. There are a lot of policies and alerts available which might not be used to their fullest extent. We are pretty happy with how it all works and fits together. I would rate this solution as a solid nine (out of 10). The product is constantly improving. It has a low amount of false positives, i.e., true alerts identified as requiring attention.

2021-05-30T06:18:00Z
author avatar
Top 10Real User

This is a pretty good service and I definitely recommend it if you are using Microsoft Azure or Microsoft services. I would rate this solution an eight out of ten.

2021-04-08T16:28:00Z
author avatar
Top 20Real User

It is certainly a good product. It is important to get a cloud-based product so that if you want to manage it remotely, you can work on a PC that is ready for that mission then. I would rate it an eight out of ten.

2020-05-31T10:37:00Z
author avatar
Top 20Real User

This is a product that I recommend. Overall, it is a good product but the robustness should be improved. I would rate this solution an eight out of ten.

2020-04-02T07:00:10Z
author avatar
Top 20Real User

We have experience with Microsoft products, Windows Server Data Centers, Microsoft Office 365, and they have a new branch called M365 products, Cloud systems, and Branch Management systems. We are working on implementing the MDM system and we are looking for alternatives. We are using an Apple-based system as well as Microsoft. Generally, there is always room for improvement. It can always be better. I would rate this solution a seven out of ten.

2019-12-30T06:00:00Z
Learn what your peers think about Microsoft Defender for Cloud Apps. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
552,695 professionals have used our research since 2012.