Cloud app visibility and control

To get the full benefit of cloud apps and services, an IT team must find the right balance of supporting access while maintaining control to protect critical data. Microsoft Cloud App Security provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyber threats across all your Microsoft and third-party cloud services.

Discover and manage shadow IT in your network

When IT admins are asked how many cloud apps they think their employees use, on average they say 30 or 40, when in reality, the average is over 1,000 separate apps being used by employees in your organization. Shadow IT helps you know and identify which apps are being used and what your risk level is. Eighty percent of employees use unsanctioned apps that no one has reviewed and may not be compliant with your security and compliance policies. And because your employees are able to access your resources and apps from outside your corporate network, it's no longer enough to have rules and policies on your firewalls.

Use Microsoft Cloud App Discovery (an Azure Active Directory Premium P1 feature) to discover which apps are being used, explore the risk of these apps, configure policies to identify new risky apps, and unsanction these apps in order to block them natively using your proxy or firewall appliance.

  • Discover and identify Shadow IT
  • Evaluate and analyze
  • Manage your apps
  • Advanced Shadow IT discovery reporting
  • Control sanctioned apps

User session visibility and control

In today’s workplace, it’s often not enough to know what’s happening in your cloud environment after the fact. You want to stop breaches and leaks in real time before employees intentionally or inadvertently put your data and your organization at risk. Together with Azure Active Directory (Azure AD), Microsoft Cloud App Security delivers these capabilities in a holistic and integrated experience with Conditional Access App Control.

Session control uses a reverse proxy architecture and is uniquely integrated with Azure AD Conditional Access. Azure AD Conditional Access allows you to enforce access controls on your organization’s apps based on certain conditions. The conditions define who (user or group of users) and what (which cloud apps) and where (which locations and networks) a Conditional Access policy is applied to. After you’ve determined the conditions, you can route users to Cloud App Security where you can protect data in real time.

With this control you can:

  • Control file downloads
  • Control access to files
  • Protect documents on download
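
The who/what/where conditions and the routing to Cloud App Security described above can be audited from exported policies. The following is an added example, not code from the original page or from Microsoft: it assumes the policies are exported as JSON in the shape of the Microsoft Graph conditionalAccessPolicy resource, and the sample policies, names and IDs are constructed placeholders.

```python
import json

# Constructed sample export: two policies in the conditionalAccessPolicy JSON
# shape. Display names and IDs are placeholders, not real tenant values.
SAMPLE_EXPORT = json.loads("""
[
  {"displayName": "Finance - block downloads off-network",
   "state": "enabled",
   "conditions": {
     "users": {"includeGroups": ["<finance-group-id>"]},
     "applications": {"includeApplications": ["<app-id>"]},
     "locations": {"includeLocations": ["All"], "excludeLocations": ["AllTrusted"]}},
   "sessionControls": {"cloudAppSecurity": {"isEnabled": true,
                                            "cloudAppSecurityType": "blockDownloads"}}},
  {"displayName": "Contractors - MFA only",
   "state": "enabledForReportingButNotEnforced",
   "conditions": {
     "users": {"includeGroups": ["<contractor-group-id>"]},
     "applications": {"includeApplications": ["All"]}},
   "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}}
]
""")

def summarize(policy):
    """Return the who/what/where scope and whether sessions reach Cloud App Security."""
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    who = (users.get("includeUsers") or []) + (users.get("includeGroups") or [])
    what = (cond.get("applications") or {}).get("includeApplications") or []
    loc = cond.get("locations") or {}
    # A policy with no location condition applies from any location.
    where = {"include": loc.get("includeLocations") or ["(any)"],
             "exclude": loc.get("excludeLocations") or []}
    cas = (policy.get("sessionControls") or {}).get("cloudAppSecurity") or {}
    routed = bool(cas.get("isEnabled"))
    return {"name": policy.get("displayName"), "who": who, "what": what,
            "where": where, "routed": routed,
            "mode": cas.get("cloudAppSecurityType") if routed else None,
            "enforced": policy.get("state") == "enabled"}

def unprotected(policies):
    """Names of policies whose sessions are not routed, or are not enforced."""
    return [s["name"] for s in map(summarize, policies)
            if not (s["routed"] and s["enforced"])]

if __name__ == "__main__":
    for p in SAMPLE_EXPORT:
        print(summarize(p))
    print("No enforced session control:", unprotected(SAMPLE_EXPORT))
```

A policy left in report-only state, or one with only grant controls, appears in the `unprotected` list because its sessions never pass through the reverse proxy.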

Advanced app visibility and controls

App connectors use the APIs of app providers to enable greater visibility and control by Microsoft Cloud App Security over the apps you connect to. Cloud App Security leverages the APIs provided by the cloud provider. Each service has its own framework and API limitations such as throttling, API limits, dynamic time-shifting API windows, and others. The Cloud App Security product team worked with these services to optimize the use of APIs and provide the best performance. Taking into account different limitations services impose on their APIs, the Cloud App Security engines use their maximum allowed capacity. Some operations, such as scanning all files in the tenant, require numerous API calls so they're spread over a longer period. Expect some policies to run for several hours or days.

