Protect multiple cloud app instances using Microsoft Cloud App Security

First published on CloudBlogs on Feb 26, 2018
This post is authored by Arbel Zinger, Program Managers, Microsoft Cloud App Security. Several organizations use multi instances of the same cloud applications for different business reasons. As a security professional, you need to have visibility into each of these instances and have the option to control each one. We’re happy to announce that Microsoft Cloud App Security can now support and control multiple instances of the cloud apps.

Create multi-instance support policies

Let’s start with a common scenario: the marketing team and the sales team in an organization use the same CRM cloud application, but with two different instances. Why?

• Marketing data might be shared with many people including public relations teams, partners or customers, while sales data (the pipeline, the number leads, etc.) is mostly classified and should be kept internal.
• Also, there may be different CRM instances for different geographies, where one region may have stricter information protection rules.

With Microsoft Cloud App Security you can create a policy enforcing that any file from the European CRM instance cannot be shared publicly and you can govern this data automatically through this policy. Or you can set a policy to automatically label each file that is copied from the US CRM instance to the Europe CRM instance as “sensitive,” using Azure Information Protection labels .

Figure 1. Creating a policy

Another common use case scenario is when a development team is working on a test environment vs. a production environment. With multi-instance support policies in Microsoft Cloud App Security, you can provide even more granular and stricter controls for your production environment.

Connecting multiple user accounts to one identity

Considering that users may connect to different instances of the same app, using different user names, Microsoft Cloud App Security knows to connect between an account to the specific user, a person, to help you with investigating alerts in a user-focused way.

Figure 2. Example of multiple accounts for a single user

If you have Microsoft Cloud App Security or Office 365 Cloud App Security deployed, you will see these features already enabled in your tenant. If not, you can try how this service helps you with providing visibility, data control and threat protection to your cloud apps.

Learn more and provide feedback

If you would like to learn more, visit the technical documentation for Microsoft Cloud App Security and Office 365 Cloud App Security . We love hearing your feedback. Let us know what you think at Microsoft Cloud App Security Tech Community .