Leipzig, 02/26/2018 – Several organizations use multi instances of the same cloud applications for different business reasons. As a security professional, you need to have visibility into each of these instances and have the option to control each one. Microsoft announced recently that Microsoft Cloud App Security can now support and control multiple instances of the cloud apps.
Microsoft Cloud App Security is a component of Microsoft’s suite. Enterprise Mobility + Security
Create multi-instance support policies
Let’s think of an common use case scenario: the marketing team and the sales team in an organization use the same CRM cloud application, but with two different instances. Why?
Marketing data might be shared with many people including public relations teams, partners or customers, while sales data (the pipeline, the number leads, etc.) is mostly classified and should be kept internal. In addition, there may be different CRM instances for different geographies, where one region may have stricter information protection rules.
With Microsoft Cloud App Security, you can create a policy enforcing that any file from the European CRM instance cannot be shared publicly and you can govern this data automatically through this policy. Alternatively, you can set a policy to automatically label each file that is copied from the US CRM instance to the Europe CRM instance as “sensitive,” using Azure Information Protection labels.
Another common use case scenario might be a development team that is working on a test environment vs. a production environment. With multi-instance support policies in Microsoft Cloud App Security, you can provide even more granular and stricter controls for your production environment.
Connecting multiple user accounts to one identity
Considering that users may connect to different instances of the same app, using different user names, Microsoft Cloud App Security knows to connect between an account to the specific user, a person, to help you with investigating alerts in a user-focused way. If you have Microsoft Cloud App Security or Office 365 Cloud App Security deployed, you will see these features already enabled in your tenant. If not, you can try how this service helps you with providing visibility, data control and threat protection to your cloud apps.
Example of multiple accounts for a single user (Source: https://cloudblogs.microsoft.com/enterprisemobility/2018/02/26/protect-multiple-cloud-app-instances-using-microsoft-cloud-app-security/)