Cloud App Security searches for security risks and undesirable data by scanning messages and their attached files in email services, files stored in other cloud applications, object records such as documents and feed posts in Salesforce, and messages in private Teams chats.
Cloud App Security performs real-time scans and on-demand (manual) scans. When detecting malicious or undesirable content, Cloud App Security automatically takes action against the email message, file, Salesforce object record, or Teams chat message according to scanning rules. Configure policies to scan specific targets and then take a certain action or send a notification based on the security risk.
Note
Manual scan is not applicable for Microsoft Teams (Chat) and Salesforce.
By default, Cloud App Security scans all possible email messages, files, Salesforce object records, and private Teams chats in the cloud applications and services it protects. Scannable files include any file that is not encrypted or password protected and does not exceed user-configured scanning restrictions.
Real-time scanning and on-demand scanning apply to Advanced Threat Protection policies and Data Loss Prevention policies.
Real-time scan
Cloud App Security scans the following in real time:
- For email services, scanning occurs when an email message arrives at a protected mailbox.
- For cloud storage applications, scanning occurs when a user uploads, creates, synchronizes, or modifies a file.
- For Salesforce, scanning occurs when a user updates an object record.
- For Teams Chat, scanning occurs when a user sends a private chat message.
Manual scan
Cloud App Security provides two manual scan types:
- Scan and protect: Analyzes email messages or files, and takes action upon detecting any violation triggering the selected policy.
- Scan only: Analyzes email messages or files, logs the analysis, and delivers the messages or files to users without taking any action configured in the selected policy. This helps evaluate Cloud App Security performance with zero impact on mail flow and file sharing.
Note
This scan type applies to Microsoft 365 services and Gmail only.
Run a manual scan to ensure that Cloud App Security scans all messages and files. Completely scanning cloud applications and services in this way minimizes the risk of advanced threats or data protection violations. A manual scan affects all users, groups, and sites; however, you can optionally configure Cloud App Security to scan specific targets, as needed.
After a manual scan, Cloud App Security generates a comprehensive report and sends it to specified users, consolidating the scan results and displaying detailed information.
Manual scan requirements:
- For a full license, run a manual scan on up to 31 days of data.
  Note
  A trial license supports a manual scan only on one day of data, and a manual scan covers 25 mailboxes, 5 SharePoint sites, 5 teams, or 5 cloud application service accounts.
- Run only one manual scan for one kind of policy at a time. For example, you can perform a manual scan for Exchange Data Loss Prevention policies and SharePoint Online Data Loss Prevention policies at the same time. You cannot simultaneously perform two manual scans for Exchange Data Loss Prevention policies.