Learn about the new features that became available in SaaS Security starting April
2024.
The following table provides a snapshot of new features introduced for SaaS Security
in April 2024. Refer to the
Administrator’s Guide for more information
on how to use
Data Security,
SaaS Security Inline, and
SaaS Security Posture Management (SSPM).
Detailed user and group information from Cloud Identity Engine in
SaaS Security Inline
|
For the Discovered Users view
, SaaS Security Inline matches the discovered users with
user information from Azure AD to display additional user
details, such as the user's department, region, and manager. You
can also filter the view according to these additional details.
For the Create New Policy
Recommendation page, you now have the option to
include users and groups from Cloud Identity Engine in your
policy recommendations. SaaS Security Inline obtains the users
and groups from Azure AD through the Cloud Identity Engine. SaaS
Security Inline also obtains the dynamic user groups that the
Cloud Identity Engine has defined.
|
Improvements to tenant-level policy rule recommendations
|
When you create policy rule
recommendations at the tenant level, you can now
specify the Allow action for more
applications. Tenant-level policy rule
recommendations, if committed on the firewall, affect
only the application tenants identified in the recommendation.
The Allow action explicitly permits
network traffic on selected tenants, and was previously
supported for Box. The Allow action is
now also supported for GitHub, Microsoft SharePoint, and
Slack.
|
Behavior Threats detection
|
Behavior Threats is a
new feature in SaaS Security that helps you identify potential
threats to your organization from compromised accounts,
malicious insiders, and data breaches. Specifically, Behavior
Threats examines how your organization’s users are interacting
with sanctioned SaaS applications to identify suspicious user
activities that might indicate attempts to steal or corrupt
data.
New customers who purchase a license that includes Data Security
will have access to Behavior Threats immediately. For existing
customers with Data Security, we are rolling out Behavior
Threats over the coming weeks. If you're an existing customer
and you want get started with Behavior Threats sooner, contact
us at
behavior-threats-support@paloaltonetworks.com.
|
Support for Custom Admin Roles in SSPM
|
You can now create Custom Admin Roles for
SSPM in the Strata Cloud Manager. With this launch, you have the
extended capability of managing the Role-Based Access Control,
leveraging the Identity and Access
Management (I&AM) central framework for complete
authentication and authorization.
|
Microsoft Labeling
|
Data Security supports Microsoft Labeling for Office 365
connectors. You can apply data labels to assets in your Office 365 connectors,
thus classifying and protecting sensitive information in your
organization.
|
Selective Scanning for Google Drive on Strata Cloud Manager
|
Data Security supports OU based Selective Scanning for
Google Drive on Strata Cloud Manager.
|
Selective Scanning for Office 365 and Box apps on Strata Cloud Manager
|
Data Security supports Selective Scanning for Office 365 and Box apps on Strata Cloud Manager.
|