Which Zscaler cloud app categories have granular controls?

The Cloud App Control component of Zscaler is a very powerful and convenient feature that simplifies protection. These days, applications have a TON of various underlying addresses, third-party services, and sub-components which would be otherwise difficult to filter on URL alone. Cloud App Control leans on Zscaler to maintain proper scrutiny on this data. The result is (typically) a more robust and complete policy enforcement model.

All that being said, it's worth noting that not all Cloud App Categories are the same. Zscaler has some Cloud App categories with a simple "Allow" or "Block" stance (meaning that it's an all-or-nothing action; the user is either permitted to use the app/service or not). Zscaler has other Cloud App categories with more granular permissions. For example, maybe admins want the user to read messages from gmail but not upload attachments.

Here's a break-down of the app categories and their high-level capabilities (courtesy of Zscaler documentation):

• Cloud App Categories with Allow or Block Options (all-or-nothing)
  • Consumer
  • Custom Applications
  • DNS Over HTTPS Services
  • Finance
  • Health Care
  • Hosting Providers
  • Human Resources
  • IT Services
  • Legal
  • Productivity & CRM Tools
  • Sales & Marketing
• Cloud App Categories with options for granular controls (selective partial access)
  • AI & ML Applications
  • Collaboration & Online Meetings
  • File Sharing
  • Instant Messaging
  • Social Networking
  • Streaming Media
  • System & Development
  • Webmail

What happens if a single policy involves multiple categories? In this scenario, only actions common to all categories would be available.

For more information on this topic, check out Zscaler documentation here:

https://help.zscaler.com/zia/understanding-cloud-app-categories