Microsoft Defender for Cloud Apps
By Microsoft
Microsoft's CASB (renamed from Microsoft Cloud App Security), bundled in Microsoft 365 E5. Cloud Discovery mines firewall and Defender for Endpoint logs for shadow IT, API connectors govern sanctioned apps, and Conditional Access App Control provides inline session controls wired directly into Entra ID sign-in policy.
Verified Source: 1
- Product type
- Software
- Deployment
- SaaS
- Organization size
- SMBMid-marketEnterprise
- Pricing tier
- $$
Capability checklist
CASBHow Microsoft Defender for Cloud Apps measures up against the full Cloud Access Security Broker taxonomy.
- Shadow IT discovery — supported
- Identifies unsanctioned cloud apps in use across the organization.
- Sanctioned app data controls — supported
- Applies data loss prevention policy to files and data inside approved SaaS apps.
- SaaS threat protection — supported
- Detects malware and account compromise within cloud app activity.
- Adaptive access control — supported
- Adjusts what a user can do in a cloud app based on device and risk context.
- API-based & inline deployment — supported
- Offers both API-based visibility and inline proxy enforcement modes.
- Compliance reporting — supported
- Reports cloud app usage and data exposure against regulatory requirements.
Alternatives
Other Cloud Access Security Broker tools with overlapping capabilities, sized for similar teams.