Deploy Cloud App Security

Cloud App Security can help you take advantage of the benefits of cloud applications while maintaining control of your corporate resources. It works by improving visibility of cloud activity, and helping to increase the protection of corporate data. In this topic, we walk you through the steps you take to set up and work with Cloud App Security.

Your organization must have a license to use Cloud App Security. For more information, see the How to buy Cloud App Security section on the Cloud App Security home page.


You do not need an Office 365 license to use Cloud App Security.



An Office 365 license is not required for Cloud App Security.

  • After you have procured a license for Cloud App Security, you will receive an email with activation information and a link to the Cloud App Security portal.

  • To set up Cloud App Security, you must be a Global Administrator, a Compliance Administrator or a Security Reader in Azure Active Directory or Office 365. It's important to understand that a user who is assigned an admin role will have the same permissions across all of the cloud apps that your organization has subscribed to, regardless of whether you assign the role in the Office 365 portal, or in the Azure classic portal, or by using the Azure AD module for Windows PowerShell. For more information, see Assigning admin roles in Office 365 and Assigning administrator roles in Azure Active Directory.

  • To run the Cloud App Security portal, use Internet Explorer 11, Microsoft Edge (latest), Google Chrome (latest), Mozilla Firefox (latest) or Apple Safari (latest).

To access the portal

To access the Cloud App Security portal, go to

Alternatively, you can access the portal through the Office 365 Admin center by clicking the Admin centers icon O365 admin centers icon followed by Cloud App Security.

Access from O365

Get started quickly with Cloud App Security

Step 1. Set up Cloud Discovery.

Required task: Upload traffic logs To create a continuous Cloud Discovery report

  1. Go to Settings > Cloud Discovery settings.
  2. Choose Upload log automatically.
  3. On the Data sources tab, add your sources.
  4. On the Log collectors tab, configure the log collector.

To create a snapshot Cloud Discovery report

  1. Go to Discover > Create new snapshot report and follow the steps shown.

Why should you configure Cloud Discovery reports? Having visibility into shadow IT in your organization is critical. After your logs are analyzed, you can easily discover which cloud apps are being used, by which people, and on which devices.

Step 2. Set instant visibility, protection, and governance actions for your apps.

Required task: Connect apps

  1. Go to Settings > App connectors.
  2. Choose Connect app and select an app.
  3. Follow the configuration steps to connect the app.

Why connect an app? After you connect an app, you can gain deeper visibility so you can investigate activities, files, and accounts for the apps in your cloud environment.

Step 3. Control cloud apps with policies.

Required task: Create policies

To create policies

  1. Go to Control > Templates.
  2. Select a policy template from the list, and then choose (+) Create policy.
  3. Customize the policy (select filters, actions, and other settings), and then choose Create.
  4. On the Policies tab, choose the policy to see the relevant matches (activities, files, alerts). Tip: To cover all your cloud environment security scenarios, create a policy for each risk category.

How can policies help your organization? You can use policies to help you monitor trends, see security threats, and generate customized reports and alerts. With policies, you can create governance actions, and set data loss prevention and file-sharing controls.

Step 4. Personalize your experience.

Recommended task: Add your organization details

To enter email settings

  1. Go to Settings > Mail settings.
  2. Under Email sender identity, enter your email addresses and display name.
  3. Under Email design, upload your organization's email template.

To set admin notifications

  1. In the navigation bar, choose your user name, and then go to User settings.
  2. Under Notifications, configure the methods you want to set for system notifications.
  3. Choose Save.

To customize the score metrics

  1. Go to Settings > Cloud Discovery settings.
  2. Under Score metric configuration, configure the importance of various risk values.
  3. Choose Save.

Now the risk scores given to discovered apps are configured precisely according to your organization needs and priorities.

Why personalize your environment? Some features work best when they are customized to your needs. Provide a better experience for your users with your own email templates, decide what notifications you receive, and customize your risk score metric to fit your organization’s preferences.

Step 5. Organize the data according to your needs.

Recommended task: Configure important settings

To create IP address tags

  1. Go to Settings > IP address tags.
  2. Choose (+) Add IP address range.
  3. Enter the IP range details, location, tags, and category.
  4. Choose Create.

    Now you can use IP tags when you create policies, and when you filter and create continuous reports.

To create continuous reports

  1. Go to Settings > Cloud Discovery settings.
  2. Under Manage continuous reports, choose Create report.
  3. Follow the configuration steps.
  4. Choose Create.

Now you can view discovered data based on your own preferences, such as business units or IP ranges.

To add domains

  1. Go to Settings > General settings.
  2. Under Organization details, add your organization's internal domains.
  3. Choose Save.

Why should you configure these settings? These settings help give you better control of features in the console. With IP tags, it's easier to create policies that fit your needs, to accurately filter data, and more. Use Data views to group your data into logical categories.

See Also

Set policies Control cloud apps with policies.

Premier customers can also choose Cloud App Security directly from the Premier portal.