Microsoft Defender for Cloud AppsMCAS

A Cloud Access Security Broker (CASB) that provides visibility over SaaS application usage, detects anomalous behaviour, enforces data governance policies across cloud apps, and controls OAuth application permissions.

Also known asDefender for Cloud AppsMicrosoft Cloud App SecurityMCAS

In plain English

Defender for Cloud Apps acts as a security checkpoint between your users and the cloud applications they access. It discovers every SaaS app in use (including shadow IT), flags risky apps or unusual access patterns, and can enforce policies like blocking downloads from unmanaged devices or revoking suspicious OAuth application permissions.

Full definition

Organisations typically have dozens of SaaS applications in use that IT doesn't know about — cloud storage, HR tools, project management platforms, AI services. Defender for Cloud Apps discovers these by analysing network traffic or integrating with , then assesses each app for security risk.

Key capabilities include: app discovery and shadow IT visibility, OAuth app governance (detecting over-permissioned third-party apps), Conditional Access app control (session-level inspection and control for managed apps), and anomaly detection for unusual data downloads, impossible travel, and uploads to cloud storage.

Keep learning

More terms in the IronSights Glossary.

Back to glossary Read insights