To protect users from advanced threats and to prevent data loss, Cloud App Security searches for security risks and undesirable data sent
through email services, or saved in cloud storage applications by performing real-time
scanning on files in supported cloud applications and services, including Exchange
Online,
SharePoint Online, OneDrive, Microsoft Teams, Box, Dropbox, Google Drive, and Gmail.
Cloud App Security starts scanning when an email message arrives at or
is sent from a protected mailbox, a file is saved to a cloud storage application or
shared to
a Microsoft Teams channel, or a private Teams chat message is sent. This unique API-based
architecture guarantees that Cloud App Security has "zero impact" on
your email or chat message delivery or file sharing as well as commitments defined
in your
service level agreements.
Note
In addition to API-based Protection, Cloud App Security also
provides the option of Inline Protection for email services to block security risks
before
they can affect your organization. For details, see Protection modes for email services.
After you grant Cloud App Security access to a cloud application or service, Cloud App Security scans the content in the application or service based
on your enabled policies. Cloud App Security provides default policies
and allows you to create new policies. Upon detecting malicious or undesirable content,
Cloud App Security automatically takes action against the email, file, or
chat message based on the scanning result.
The following illustrates how Cloud App Security works.
