What are the differences in discovery capabilities for Azure Active Directory and Microsoft Cloud App Security?
This article describes the differences between discovery capabilities in Microsoft Cloud App Security and Azure Active Directory (Azure AD).
For information about licensing, see the Microsoft Cloud App Security licensing datasheet.
Microsoft Cloud App Security
Microsoft Cloud App Security is a comprehensive cross-SaaS solution bringing deep visibility, strong data controls and enhanced threat protection to your cloud apps. Cloud Discovery is one of the features of Cloud App Security, which enables you to gain visibility into Shadow IT by discovering cloud apps in use.
Enhanced Cloud App Discovery in Azure Active Directory
Azure Active Directory Premium P1 includes Azure Active Directory Cloud App Discovery at no additional cost. This feature is based on the Microsoft Cloud App Security Cloud Discovery capabilities that provide deeper visibility into cloud app usage in your organizations. Upgrade to Microsoft Cloud App Security to receive the full suite of Cloud App Security Broker (CASB) capabilities offered by Microsoft Cloud App Security.
Feature comparison
The following table is a comparison of the discovery capabilities in Microsoft Cloud App Security and Azure AD.
| Capability | Feature | Microsoft Cloud App Security | Azure AD Cloud App Discovery |
|---|---|---|---|
| Cloud Discovery | Discovered apps | 16,000 + cloud apps | 16,000 + cloud apps |
| Deployment for discovery analysis | Manual and automatic log upload | Manual and automatic log upload. Learn more about setting up Cloud Discovery | |
| Log anonymization for user privacy | Yes | Yes | |
| Access to full Cloud App Catalog | Yes | Yes | |
| Cloud app risk assessment | Yes | Yes | |
| Cloud usage analytics per app, user, IP address | Yes | Yes | |
| Ongoing analytics & reporting | Yes | Yes | |
| Anomaly detection for discovered apps | Yes | ||
| Information Protection | Data Loss Prevention (DLP) support | Cross-SaaS DLP and data sharing control | |
| App permissions and ability to revoke access (OAuth apps) | Yes | ||
| Policy setting and enforcement | Yes | ||
| Integration with Azure Information Protection | Yes | ||
| Integration with third-party DLP solutions | Yes | ||
| Threat Detection | Anomaly detection and behavioral analytics | For Cross-SaaS apps | |
| Manual and automatic alert remediation | Yes | ||
| SIEM connector | Yes. Alerts and activity logs for cross-SaaS apps. | ||
| Integration to Microsoft Intelligent Security Graph | Yes | ||
| Activity policies | Yes |
Next steps
Read about the basics in Getting started with Cloud App Security.
If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket..