Microsoft Cloud App Security: Learn how to deploy and manage

Presentation transcript:

BRK3008 Microsoft Cloud App Security: Learn how to deploy and manage (7/18/2018 1:32 PM)
Yinon Costica, Principal PM, Cloud App Security
Asaf Kashi, Group Program Manager, Cloud App Security
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Microsoft Enterprise Mobility + Security
Microsoft Intune: Make sure your devices are compliant and secure, while protecting data at the application level.
Azure Active Directory: Ensure only authorized users are granted access to personal data using risk-based conditional access.
Microsoft Cloud App Security: Gain deep visibility, strong controls and enhanced threat protection for data stored in cloud apps.
Azure Information Protection: Classify, label, protect and audit data for persistent security throughout the complete data lifecycle.
Microsoft Advanced Threat Analytics: Detect breaches before they cause damage by identifying abnormal behavior, known malicious attacks and security issues.
Diagram labels: Apps, Risk, Device, Location, Conditional access, Access granted to data, Classify, Label, Audit, Protect.

How do I gain visibility into cloud apps used in my organization and get a risk assessment?
How can I control and limit access to data in cloud apps?
How can I prevent data loss in cloud apps and stay compliant with regulations?
How do I protect cloud apps and the data in them from security attacks?

Microsoft Cloud App Security
Discover and assess risks: Identify cloud apps on your network, gain visibility into shadow IT, and get risk assessments and ongoing analytics.
Control access in real time: Manage and limit cloud app access based on conditions and session context, including user identity, device, and location.
Protect your information: Get granular control over data and use built-in or custom policies for data sharing and data loss prevention.
Detect threats: Identify high-risk usage and detect unusual behavior using Microsoft threat intelligence and research.
Extend Microsoft security to your cloud apps. Threat detection: Microsoft Intelligent Security Graph, Office ATP. Information Protection: Office 365 & Azure Information Protection. Identity: Azure AD and Conditional Access. + more.
Discover and assess risks: Discover all cloud usage in your organization.
Information protection: Monitor and control your data in the cloud.
Conditional access: Control and limit user access based on session context.
Threat detection: Detect usage anomalies and security incidents.

Cloud App Security: Ignite Announcements
Cloud App Security proxy: Control and limit access to cloud apps using the proxy with Azure Active Directory Conditional Access. Public Preview in October.
Scan, classify sensitive data and apply AIP labels automatically: Automatic labeling and protection will be in public preview in October 2017. Cloud App Security will classify files leveraging Microsoft’s Information Protection solution and capabilities starting Q4 2017.
Support for Azure West Europe region: Cloud App Security is also available in the Azure West Europe region to better serve our customers in Europe and support their compliance requirements.
New Cloud App Discovery experience in Azure AD: Cloud App Discovery in Azure AD is now enhanced to provide deeper visibility into cloud app usage, no agents required, with ongoing analysis and alerts, powered by Cloud App Security. Available to Azure AD customers.

Architecture and how it works
Discovery: Manually or automatically upload traffic log files from your firewalls and proxies to discover and analyze which cloud apps are in use. Sanction or block apps in your organization using the cloud app catalog.
App connectors: Leverage APIs provided by various cloud app providers to extend protection to Cloud App Security.
Proxy apps: Azure AD redirects risky sessions to the reverse proxy to apply app restrictions.

Create a trial tenant (Do-It-Yourself)
1. Log in to your Microsoft work account.
2. Go to www.cloudappsecurity.com or to the Enterprise Mobility + Security homepage.
3. Sign up for a free Cloud App Security trial, or Enterprise Mobility + Security all up.
4. Assign licenses to users (at least one).
5. Log in and assign role-based access controls.

Cloud discovery
Shadow IT discovery: Discover cloud apps in use across your networks. Investigate users and source IP cloud usage. Create custom views and reports for business units, networks and groups. Optional PII anonymized reports.
Risk assessment and migration to business-ready apps: Risk assessment for 15,000+ cloud apps based on 60 security and compliance risk factors. Un-sanction, sanction and protect apps. Customize labels, notes, weight in risk scoring and override per app risk assessment to support internal workflows.
On-going protection and analytics: Anomalous usage alerts. New apps and trending apps alerts. Identify and close policy enforcement gaps. Programmatically generate blocking scripts to supported network appliances.
Integrates with: Your network appliances, SIEM.

Discovery architecture (diagram)
Components shown: on-premises network (firewall, web proxy, log collector, FTP, Syslog); network logs (Syslog, CEF); Microsoft Cloud App Security in Azure (log parser, App Discovery, SaaS DB, tenant DB, reporting engine, discovery dashboard and alerts); users and groups from Azure AD; SIEM; cloud apps.
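The discovery flow named on the slides above (firewall and proxy logs in Syslog/CEF, a log parser, a cloud app catalog, optional anonymized reports), as an added Python example that is not Microsoft's code and not part of the presentation. The catalog entries, host names, users and log lines are constructed, and the keyed-hash pseudonym is an assumption about how anonymization could be done, not a description of the product.

```python
import hashlib
import hmac
import re
from collections import defaultdict

# Constructed catalog for this example: domain suffix -> (app name, sanctioned?).
APP_CATALOG = {
    "storage.example": ("ExampleStorage", True),
    "share.example": ("ExampleShare", False),
}

# Constructed firewall/proxy records: a syslog prefix followed by a CEF message.
CEF_PREFIX = "<134>Sep 25 10:0{n}:00 fw01 CEF:0|ExampleVendor|WebProxy|1.0|100|web access|3|"
SAMPLE_LOGS = [
    CEF_PREFIX.format(n=1) + "suser=alice@contoso.example src=10.0.0.5 dhost=files.storage.example out=2048",
    CEF_PREFIX.format(n=2) + "suser=bob@contoso.example src=10.0.0.9 dhost=www.share.example out=500000",
    CEF_PREFIX.format(n=3) + "suser=alice@contoso.example src=10.0.0.5 dhost=www.share.example out=1500",
    "<134>Sep 25 10:04:00 fw01 kernel: link up on eth0",  # not CEF, must be skipped
    CEF_PREFIX.format(n=5) + "suser=carol@contoso.example src=10.0.0.7 dhost=paste.unknown.example out=bad",
]

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")
HEADER_SPLIT = re.compile(r"(?<!\\)\|")  # a '|' that is not escaped as '\|'
# key=value pairs; a value runs until the next " key=" or the end of the line.
EXT_PAIR = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")


def parse_cef(line):
    """Return (header, extension) dicts, or None when the line has no CEF message."""
    start = line.find("CEF:")
    if start < 0:
        return None
    parts = HEADER_SPLIT.split(line[start + 4:], maxsplit=7)
    if len(parts) < 8:
        return None  # truncated header
    header = dict(zip(HEADER_FIELDS, parts[:7]))
    ext = {k: re.sub(r"\\([=\\|])", r"\1", v) for k, v in EXT_PAIR.findall(parts[7])}
    return header, ext


def lookup_app(host):
    """Map a destination host to (app name, sanctioned); unknown hosts stay visible."""
    host = host.lower().rstrip(".")
    for suffix, entry in APP_CATALOG.items():
        if host == suffix or host.endswith("." + suffix):
            return entry
    return (host, None)  # not in the catalog: report under its host name


def anonymize(user, key):
    """Keyed pseudonym: stable per user, not reversible without the key."""
    return hmac.new(key, user.lower().encode(), hashlib.sha256).hexdigest()[:12]


def to_int(value):
    """Byte counters come from untrusted logs; treat junk as zero."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return 0


def discover(lines, anonymize_key=None):
    """Aggregate usage per app. Returns (apps, skipped_line_count)."""
    apps = defaultdict(lambda: {"sanctioned": None, "users": set(),
                                "source_ips": set(), "bytes_out": 0, "events": 0})
    skipped = 0
    for line in lines:
        parsed = parse_cef(line)
        if parsed is None or "dhost" not in parsed[1]:
            skipped += 1
            continue
        ext = parsed[1]
        name, sanctioned = lookup_app(ext["dhost"])
        user = ext.get("suser", "unknown")
        if anonymize_key is not None:
            user = anonymize(user, anonymize_key)
        app = apps[name]
        app["sanctioned"] = sanctioned
        app["users"].add(user)
        app["source_ips"].add(ext.get("src", "unknown"))
        app["bytes_out"] += to_int(ext.get("out"))
        app["events"] += 1
    return dict(apps), skipped


def unsanctioned_by_upload(apps):
    """Apps that are not sanctioned (or not catalogued), largest upload volume first."""
    rows = [(name, a["bytes_out"], len(a["users"]))
            for name, a in apps.items() if a["sanctioned"] is not True]
    return sorted(rows, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    apps, skipped = discover(SAMPLE_LOGS, anonymize_key=b"constructed-demo-key")
    for name, uploaded, users in unsanctioned_by_upload(apps):
        print(f"{name}: {uploaded} bytes out, {users} user(s)")
    print(f"skipped {skipped} non-CEF line(s)")
```

Because the pseudonym is keyed and deterministic, the same user still correlates across apps in the report while the name itself stays out of it.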

Setup Cloud Discovery reports & alerts (live demo)
1. Upload network logs to Cloud App Security.
2. Create custom reports.
3. Create new app alerts.
4. Review discovered apps and take actions.
5. Customize the risk scores.
6. Generate blocking scripts.

Discovery workflows (live demo)
Discovery of Shadow IT: Without IT approval, users deploy and use cloud apps that are not business-ready and expose the organization to various risks. IT has limited visibility into the usage of these apps, and the assessment process requires a lot of effort and expertise.
Cloud migration: Monitor adoption of new apps, and verify that usage grows over time while alternative, unsanctioned apps decline.
Cloud marketplace: Wisely choose cloud apps that fit the security requirements of your organization, and meet the latest cloud security standards.

Coming soon: Native integration with Zscaler (diagram)
Labels shown: Microsoft Cloud App Security; Zscaler; end user; SSO; tenant bonding; PAC/ZApp; NSS log forwarding; API polling; create unsanctioned app policy; unsanctioned apps URL category; enforce policy.

Cloud App Discovery in Azure AD
Deeper visibility into cloud app usage. Discover more than 15,000 apps from all organization network traffic and from any device. No agents required. Ongoing analytics.

Microsoft’s approach to information protection
Comprehensive protection of sensitive data throughout the lifecycle – inside and outside the organization.
Detect: Scan & detect sensitive data based on policy.
Classify: Classify data and apply labels based on sensitivity.
Protect: Apply protection actions, including encryption, access restrictions.
Monitor: Reporting, alerts, remediation.
Across: devices, cloud, on premises.

The lifecycle of a sensitive file
Data travels across various locations, shared: Protection is persistent, travels with the data.
Data is monitored: Reporting on data sharing, usage, potential abuse; take action & remediate.
Data is created, imported, & modified across various locations.
Data is detected: Across devices, cloud services, on-prem environments.
Data is protected based on policy: Protection may be in the form of encryption, permissions, visual markings, retention, deletion, or a DLP action such as blocking sharing.
Sensitive data is classified & labeled: Based on sensitivity; used for either protection policies or retention policies.
Retain, expire, delete data: Via data governance policies.

Microsoft’s information protection solutions
Comprehensive protection of sensitive data across devices, cloud services and on-premises environments.
Devices: PCs, tablets, mobile.
Office 365: Exchange Online, SharePoint Online & OneDrive for Business.
Cloud services, SaaS apps & on-premises: Highly regulated; Azure; 3rd-party SaaS; datacenters, file shares.
Solutions shown: Windows Information Protection & BitLocker for Windows 10; Office 365 DLP; Office 365 Advanced Data Governance; Intune MDM & MAM for iOS & Android; Azure Information Protection; Microsoft Cloud App Security.

Information protection for cloud apps
Gain visibility into data and sharing: Visibility into sharing level and classification labels. Quantify over-sharing exposure and compliance risks. Detect and manage 3rd-party app access.
Classify, label and protect: Govern data in the cloud with granular DLP policies. Leverage Microsoft’s Information Protection capabilities for classification. Automatically protect and encrypt your data using Azure Information Protection.
Monitor & investigate: Identify policy violations. Investigate incidents and related activities. Quarantine and permissions removal.
Integrates with: Azure Information Protection, Office 365, external DLP solutions.

Files and Data Control Architecture (diagram)
Labels shown: Azure; users; external collaborators; protected cloud apps; proxy traffic; Microsoft Cloud App Security; Files API; Activity API; Remediation API; file directory; event processing; file notifications for new and updated files; files for re-scan as part of the ongoing scan process; scan queue; selected file for scan; download file for scan; content scan engine; extracted text; DLP engine; 3rd party DLP engine; violation remediation (e.g. quarantine) & notification; SIEM connector (preview).

Connecting a sanctioned app (live demo)
1. Navigate to Settings > “App Connectors”.
2. Choose your app from the list of available apps.
3. Log in with an admin user and approve the OAuth request.
4. Validate deployment with “Test API”.
5. Expect initial activity logs from the app within minutes to an hour.

Set your first file policy (live demo)
1. Navigate to the policies page.
2. Create a policy and choose “file policy”.
3. Choose a template, for example, “File containing PCI detected in the cloud”.
4. Customize policy, for example, narrow scope for “Access level” equals Public.
5. Customize actions in response.

Information protection workflows (live demo)
Define a classification, labeling and protection policy: Define your sensitive data types and how to protect them.
Quantify risk, confidential files stored in connected apps: Detect sensitive content in files stored in your cloud apps.
Auto-remediate public sharing of confidential data: Detect confidential data shared publicly and auto-remediate.
Investigate and alert: Investigate file activity upon violation and trigger alerts on violations and suspicious activity.

Conditional Access: Proxy
Context-aware session policies: Control access to cloud apps based on user, location, device and app. Identify managed devices via VPN (location based), domain joined devices, Intune compliant devices or client certificates. Supports any SAML-based app, any OS.
Investigate & enforce app and data restrictions: Enforce browser-based “view only” mode for low-trust sessions. Limit access to sensitive data. Classify, label and protect on download. Visibility into unmanaged device activity.
Unique integration with Azure AD: Integral component of Azure AD Conditional Access. Simple deployment directly from your Azure AD portal. Leverages existing device management mechanisms, no additional deployment required.
Integrates with: Azure Active Directory.
Public Preview in October. Join now, email us at mcaspreview@microsoft.com

Monitor and control access to cloud apps (diagram)
Labels shown: Cloud App Security; proxy; policy; cloud apps; allow access; require MFA; limit access; deny access; force password reset.

Conditional Access – Block on download (Cloud App Security Proxy)
Signals shown (user, device, app, session risk): Role: Marketing Mgr; Group: Marketing; Client: Mobile; Config: Open; Location: UNKNOWN; Last sign-in: 8 hrs ago; Platform: Windows; Health: Fully patched; Config: Managed; Last seen: London, UK.
Block on download: Unfamiliar IP address.

Conditional Access – Protect on Download (Cloud App Security Proxy)
Signals shown (user, device, app, session risk): Role: Marketing Mgr; Group: Marketing Users; Client: Mobile; Config: Corp Proxy; Location: London, UK; Last sign-in: 5 hrs ago; Platform: Windows; Health: Fully patched; Config: Managed; Last seen: London, UK.
Classification Engine.

Conditional Access – Protect on Download (Cloud App Security Proxy)
Signals shown (user, device, app, session risk): Role: Vendor; Group: Contingent Staff; Client: Mobile; Config: Open; Location: Red Bank, NJ; Last sign-in: 3 hrs ago; Platform: Windows; Health: Fully patched; Config: Unmanaged; Last seen: Red Bank, NJ.
Protect on download: User is not a full-time employee. Device is unmanaged.

Setup conditional access proxy (live demo)
1. Navigate to Azure AD > Enterprise apps > Conditional Access.
2. Apply the required assignments: choose your app, user scope and other conditions.
3. Under Access Controls, check “Use proxy enforced restrictions”.
4. Configure the required session policies in Cloud App Security.

Conditional Access Capabilities (EMS + Office 365)
Azure AD: Conditional access for any app with set of conditions.
Intune: adds mobile device compliance.
Cloud App Security Access Proxy (private preview): Extends AAD Conditional Access to legacy SSO.
Office 365 Conditional Access: Application level implementation to enforce device, data access and location restrictions.
Cloud App Security Session Proxy: Inline implementation to enforce device, data access and location restrictions.

Threat detection & investigation
Threat Intelligence: Leverages Microsoft Intelligent Security Graph: unique insights, informed by trillions of signals across Microsoft’s customer base. Native integration with Office Threat Intelligence.
Behavioral analytics & ransomware detection: Identify anomalies in your cloud environment via advanced behavioral analytics. Built-in detections for leading threat scenarios: ransomware, admin take-over, shared accounts.
Advanced investigation & remediation: Pivot on users, IP addresses, resources, activities and locations. Customize detections based on your findings. Automate remediation with Azure AD.
Integrates with: Microsoft Intelligent Security Graph, 3rd party SIEM solutions.

Activity & Anomaly detection Architecture (diagram)
Labels shown: Azure; users; support; admins; protected cloud apps; proxy traffic; Activity API; Microsoft Cloud App Security; event enrichment; geo-location database; users/groups; Microsoft Threat Intelligence Center; alerts engine; alert investigation & notification; SIEM connector (preview).
Based on big data and machine learning: anomaly detection; activity policy evaluation, e.g. risky IP addresses.

Set your first activity policy (live demo)
1. Navigate to the Policies page.
2. Create a policy and choose “activity policy”.
3. Choose a template, for example, “Mass download by a single user”.
4. Customize parameters, for example, change threshold to 10 downloads.
5. Customize actions in response.
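What a threshold policy like the “Mass download by a single user” template has to decide, as an added Python example that is not Cloud App Security's implementation and not part of the presentation. The threshold of 10 comes from the slide; the 5-minute sliding window, the event fields and all sample records are assumptions constructed for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def detect_mass_download(events, threshold=10, window=timedelta(minutes=5)):
    """Return one alert per burst in which a user reaches `threshold` downloads
    inside a sliding `window`. Events are dicts with time, user, action, file."""
    recent = defaultdict(deque)  # user -> download timestamps still inside the window
    in_burst = set()             # users already alerted for the current burst
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["action"] != "download":
            continue  # uploads, views and shares do not count toward this policy
        user, now = ev["user"], ev["time"]
        q = recent[user]
        q.append(now)
        while now - q[0] > window:  # expire downloads that fell out of the window
            q.popleft()
        if len(q) < threshold:
            in_burst.discard(user)  # burst is over; a later one alerts again
        elif user not in in_burst:
            in_burst.add(user)      # alert once per burst, not once per file
            alerts.append({"user": user, "first": q[0],
                           "triggered": now, "count": len(q)})
    return alerts


def build_sample_events():
    """Constructed activity records (not real Cloud App Security output)."""
    t0 = datetime(2017, 9, 25, 9, 0, 0)
    events = []
    # dave: 12 downloads, 10 seconds apart -> reaches 10 inside one window
    for i in range(12):
        events.append({"time": t0 + timedelta(seconds=10 * i),
                       "user": "dave@contoso.example", "action": "download",
                       "file": f"finance/report-{i}.xlsx"})
    # erin: 10 downloads, 10 minutes apart -> never 10 inside one window
    for i in range(10):
        events.append({"time": t0 + timedelta(minutes=10 * i),
                       "user": "erin@contoso.example", "action": "download",
                       "file": f"hr/form-{i}.docx"})
    # frank: 9 downloads and 1 upload within a minute -> stays below 10 downloads
    for i in range(9):
        events.append({"time": t0 + timedelta(seconds=5 * i),
                       "user": "frank@contoso.example", "action": "download",
                       "file": f"sales/deck-{i}.pptx"})
    events.append({"time": t0 + timedelta(seconds=50),
                   "user": "frank@contoso.example", "action": "upload",
                   "file": "sales/deck-final.pptx"})
    return events


if __name__ == "__main__":
    for alert in detect_mass_download(build_sample_events()):
        print(f"{alert['user']}: {alert['count']} downloads between "
              f"{alert['first']:%H:%M:%S} and {alert['triggered']:%H:%M:%S}")
```

Lowering the threshold widens the net: with `threshold=5` the same sample also flags the nine-download user, which is the tuning trade-off the "customize parameters" step is about.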

Threat detection scenarios (live demo)
Suspicious access: Unauthorized users accessing your cloud environment or possible breaches in your environment.
Anomalous behavior: Activities that were probably not done by your employees or may indicate data exfiltration by an insider.
Privileged user monitoring: Monitor privileged users to keep your cloud environment safe.
Ransomware activity: Detect potential ransomware activity and respond by invalidating access tokens.

External Integrations

External integrations (live demo)
External DLP solution: Integrate with existing DLP solutions to extend these controls to the cloud while preserving a consistent and unified policy across on-premises and cloud activities.
Export alerts and activities to your SIEM: Better protect your cloud applications while maintaining your usual security workflow, automating security procedures and correlating between cloud-based and on-premises events.
Automate processes via API or PowerShell: Create your own applications using programmatic access to Cloud App Security data and actions through REST API endpoints.

Microsoft Cloud App Security via PowerShell
PowerShell wrapper to the Microsoft Cloud App Security RESTful API.
Development managed on GitHub: https://github.com/Microsoft/Cloud-App-Security
Published on PowerShell Gallery: https://www.powershellgallery.com/packages/Cloud-App-Security
Enables easy installation: Install-Module Cloud-App-Security
Adheres to MS Open Source Project Office (OSPO) policies and licensed under MIT license.
Available cmdlets: Add-MCASAdminAccess, Export-MCASBlockScript, Get-MCASAdminAccess, Get-MCASAccount, Get-MCASActivity, Get-MCASAlert, Get-MCASAppInfo, Get-MCASCredential, Get-MCASDiscoveredApp, Get-MCASFile, Get-MCASGovernanceAction, Get-MCASPolicy, Get-MCASReport, Get-MCASReportData, Get-MCASStream, Remove-MCASAdminAccess, Send-MCASDiscoveryLog, Set-MCASAlert.


Enterprise Mobility + Security Customers

Enterprise Mobility + Security Partners
MDM and MAM; Identity and Access Management; Third-party Multi-Factor Authentication; Threat Management; Information Protection; Mobile Threat Defense.

Try Cloud App Security today: aka.ms/castrial

Check out other great EMS sessions: Deployment for EMS & Microsoft 365; Microsoft Cloud App Security; Azure Information Protection; Azure Active Directory; Microsoft Advanced Threat Analytics; Microsoft Intune.
Download the Ignite app: Windows, iOS, Android.

Keep going…
Try Enterprise Mobility + Security for free, today: www.microsoft.com/en-us/cloud-platform/enterprise-mobility-trial
See Microsoft Cloud App Security in action: https://www.microsoft.com/en-us/cloud-platform/cloud-app-security-trial
Evaluate and try Microsoft Advanced Threat Analytics now: www.microsoft.com/en-us/evalcenter/evaluate-microsoft-advanced-threat-analytics
Explore Identity + Access Management: www.microsoft.com/en-us/cloud-platform/identity-management
Learn more about Azure Information Protection: www.microsoft.com/en-us/cloud-platform/information-protection
Discover new MDM and MAM solutions with Microsoft Intune: www.microsoft.com/en-us/cloud-platform/mobile-device-management
Check out new Desktop virtualization capabilities: www.microsoft.com/en-us/cloud-platform/desktop-virtualization

© 2016 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Appendix

Shadow IT
On average, an organization has 28 cloud storage apps routinely used by its employees. Only 27% of these support multi-factor authentication. Only 54% of these encrypt data at rest. Only 10% of these are compliant with SOC 2, HIPAA and PCI DSS. Only 49% of these apps claim to preserve users' rights over their own data. Only 20% of these apps commit to deleting users' data after account deletion/termination.
On average, an organization has 41 collaboration apps routinely used by its employees. Only 22% of these support multi-factor authentication. Only 24% of these encrypt data at rest. Only 6% of these are compliant with SOC 2, HIPAA and PCI DSS. Only 31% of these claim to preserve users' rights over their own data. Only 18% of these commit to deleting users' data after account deletion/termination.

SaaS adoption challenge
73% of enterprises indicated security as a top challenge holding back SaaS adoption.*
>80% of employees admit to using non-approved SaaS apps in their jobs.**
* Cloud Security Alliance (CSA) survey, Cloud Adoption, Practices and Priorities Survey Report 2015
** http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report

Introducing Microsoft Cloud App Security: Enterprise-grade security for your cloud apps
Visibility: Gain complete visibility and context for cloud usage and shadow IT.
Control: Shape your cloud environment with granular controls and policy setting for access, data sharing, and DLP.
Threat detection: Identify high-risk usage and security incidents, detect abnormal user behavior, and prevent threats.

Microsoft Cloud App Security: gain visibility and control of data in cloud apps
Cloud Discovery: Discover 14K+ cloud apps in your environment, gain visibility into shadow IT and assess risk. Discovery, risk assessment, ongoing analytics. Collect logs from firewalls and proxies, no agents required on user devices. Use log anonymization to protect employee privacy while uncovering Shadow IT.
Information Protection: Shape your cloud environment with granular controls and use out-of-the-box or custom policies for data sharing, and data loss prevention. Policy setting, DLP & data sharing, policy enforcement. Governance actions shown: protect file, quarantine, make private, remove a collaborator.
Integrated with Azure Information Protection: Create policies for files classified by Azure Information Protection and govern sensitive data in the cloud.
Threat Protection: Identify high-risk usage and cloud security issues, detect abnormal user behavior, and prevent threats.
Behavioral Analytics: Identify anomalies in your cloud environment that may be indicative of a breach.
Enhanced by Microsoft Intelligent Security Graph: Leverage Microsoft’s threat intelligence to detect anomalies, prevent threats, and stop risky behavior right away.
Investigate and gather unique insights: Gain a deeper understanding of what's happening in your cloud environment by pivoting on users, files, accounts, apps and activities.
Diagram labels: Policies; Policy Enforcement; Activity; Scan for advanced alerts; Anomaly Detection; App Discovery; Discovery; Anomaly; File.

Microsoft Enterprise Mobility + Security (table columns: Technology, Benefit, E3, E5)
Azure Active Directory Premium P1: Secure single sign-on to cloud and on-premises app; MFA, conditional access, and advanced security reporting ●
Azure Active Directory Premium P2: Identity and access management with advanced protection for users and privileged identities
Microsoft Intune: Mobile device and app management to protect corporate apps and data on any device
Azure Information Protection P1: Encryption for all files and storage locations; cloud-based file tracking
Azure Information Protection P2: Intelligent classification and encryption for files shared inside and outside your organization
Microsoft Cloud App Security: Enterprise-grade visibility, control, and protection for your cloud applications
Microsoft Advanced Threat Analytics: Protection from advanced targeted attacks leveraging user and entity behavioral analytics
Categories shown: Identity and access management; Managed mobile productivity; Information protection; Threat protection

Our FastTrack Momentum
“We saw what Microsoft was putting into Intune and saw that it could do everything that we wanted ... and that it would grow with our future needs… … the other thing, and this is a huge part not to be diminished, was the magnitude of positive experience and support from the FastTrack Center.”
Willem Bagchus, Messaging and Collaboration Specialist, United Bank
40k+ Customers enabled
6.3 PB+ Data migrated
6.8 M+ Seats migrated
189.5 Customer satisfaction (NSAT)
800+ FastTrack Engineers worldwide
51k+ Success plans
53% Faster Time to Value

The solution comes in two different flavors:
Office 365 Cloud App Security: Enhanced visibility and control for Office 365; advanced security alerts; productivity app discovery; app permissions and control. Available in Office E5.
Microsoft Cloud App Security: Integrated security suite across identity, device, apps and data; discovery of Shadow IT; unified information protection; automated detection and remediation. Available standalone and as a part of EMS E5.

Office 365 Cloud App Security vs. Microsoft Cloud App Security
Feature | Microsoft Cloud App Security | Office 365 Advanced Security Management
Cloud Discovery
Discovered apps | 15,000+ cloud apps | 750+ cloud apps with similar functionality to Office 365
Deployment for discovery analysis | Manual and automatic log upload | Manual log upload
Log anonymization for user privacy | Yes
Access to full Cloud App Catalog
Cloud app risk assessment
Cloud usage analytics per app, user, IP address
Ongoing analytics & reporting
Anomaly detection for discovered apps
Information Protection
Data Loss Prevention (DLP) support | Cross-SaaS DLP and data sharing control | Uses existing Office DLP (available in Office E3 and above)
App permissions and ability to revoke access
Policy setting and enforcement
Integration with Azure Information Protection
Integration with third party DLP solutions
Threat Detection
Anomaly detection and behavioral analytics | For Cross-SaaS apps including Office 365 | For Office 365 apps
Manual and automatic alert remediation
SIEM connector | Yes. Alerts and activity logs for cross-SaaS apps. | Yes. Office 365 alerts only.
Integration to Microsoft Intelligent Security Graph
Activity policies
https://docs.microsoft.com/en-us/cloud-app-security/editions-cloud-app-security

Microsoft’s Information Protection solution
Devices + on-premises servers; Office 365; Cloud apps
Office 365 Security & Compliance Center; Azure Information Protection; Microsoft Cloud App Security
Microsoft’s Information Protection organization policies: Classify, Label, Protect

From SaaS providers
“At Box, we believe in a modern content management and collaboration experience where information can move easily and securely between individuals and organizations and across devices and applications. By working closely with Microsoft Cloud App Security, we're providing businesses with stronger controls and deeper visibility around their cloud apps, and protecting unwanted access to critical business content.”
Roger Murff, Vice President of Technology Partnerships at Box

Complete framework to secure your cloud apps
Cloud discovery: Discover all cloud usage in your organization.
Information protection: Monitor and control your data in the cloud.
Threat detection: Detect usage anomalies and security incidents.
Conditional Access: Control and limit user access based on session context.
Extend Microsoft security to your cloud apps
Threat detection: Microsoft Intelligent Security Graph, Office ATP
Information Protection: Office 365 & Azure Information Protection
Identity: Azure AD and Conditional Access
+ more

Cloud App Security: Ignite Announcements
Cloud App Security: proxy-enforced session restrictions. Control and limit access to cloud apps using proxy-enforced app restrictions with Azure Active Directory Conditional Access. Public Preview in October.
Scan, classify sensitive data and apply AIP labels automatically. Automatic labeling and protection will be in public preview in October 2017. Cloud App Security will classify files leveraging Microsoft’s Information Protection solution and capabilities starting Q4 2017.
Support for Azure West Europe region. Cloud App Security is also available in the Azure West Europe region to better serve our customers in Europe and support their compliance requirements.
New Cloud App Discovery experience in Azure AD. Cloud App Discovery in Azure AD is now enhanced to provide deeper visibility into cloud app usage, no agents required, with ongoing analysis and alerts, powered by Cloud App Security. Available to Azure AD customers.
