Depending on the cloud type you chose, some or all of the following protection models will be available. For suites, the selected protection models apply to the entire suite.

• App Authentication - Provides expanded controls for access that go beyond user IDs, such as denial of logins from non-compliant or compromised devices and from users with patterns of risky behavior.
• App Access - Provides context controls for cloud applications and custom applications; allows access control based on user risk factors and IP risk configurations, as well as DRM-style encryption.
• API Access - Provides an out-of-band approach to data security; performs ongoing monitoring of user activities and administrative functions.
• Cloud Security Posture - Used for cloud types for which you want to apply Cloud Security Posture Management functionality. For more information, see Cloud Security Posture Management (CSPM).
• Dynamic DRM - Allows or denies access to keys for decryption of encrypted files.
• Email - Used for Office 365 cloud application types that include email as one of the cloud applications.
• ActiveSync Device Management - Used for cloud types for which you want to apply device management with ActiveSync.
• Cloud Data Protection -- Used for ServiceNow and SuccessFactors cloud types.
• Cloud Data Discovery -- Used for cloud types for which you want to apply Cloud Data Discovery functionality. For more information, see Cloud Data Discovery.
  1. Select one or more protection models, depending on the type of protection you want to enable for a cloud. You can create policies for the cloud application based on the protection models you choose.
  2. Click Next.