-1

I think I've understood what CASBs are and the differences between proxy/API-based architectures. What is still unclear to me is how exactly API-based CASBs function.

I know most products use APIs to traverse the cloud document storage to download and inspect the documents. Or maybe even use APIs to download auditing logs from the service. But, for example, Office 365 offers DLP features such as Exchange Mail Flow Rules or Office 365 DLP rules. Do any API-based CASBs also automatically configure and use these DLP functions?

1 Answer

0

Well, as I understand it, CASBs work in two ways - Proxy and API.

In Proxy mode, all access to your Cloud goes through the CASB and hence before you are able to execute an operation, the CASB can evaluate the operation for compliance BEFORE it is executed. This also applies to DLP functions - it can, for example, PREVENT a proscribed action (like downloading a Confidential Document to an unsecure location) from taking place. It can also immediately quarantine infected or unscanned documents to the Cloud.

In API Mode, the CASB accesses activity logs and uses them to evaluate actions that have ALREADY happened (that's why they're in the logs). Add to that the fact that the logs can be delayed by an hour in some cases (depending on the frequency of the pull down of the logs), and this means that in API mode any DLP action can only be administrative or reactive (at best). If I download a Confidential document to my personal laptop in violation of a DLP rule, all it can do is flag the action and escalate to someone for follow-up. However, the document has left the building and is in the wild.

Now, you asked (I paraphrase) if McAfee's CASB working in API mode would leverage Office 365's built-in DLP capabilities. My understanding is "NO, it doesn't. It will use some components of Office 365 to enable its own DLP capabilities, but it won't actively invoke the DLP tools of Office 365 directly."

As DLP matures, this may well change. But currently there is no standardized DLP mechanism to leverage.
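The reactive behaviour of API mode described in the answer above can be simulated with a small log poller. This is an added example, not part of the original answer and not any vendor's code; the event field names, the sample events and the `poll_and_evaluate` helper are constructed assumptions, not a real audit-log schema.

```python
from datetime import datetime, timedelta

# Constructed sample audit events; field names are hypothetical, not a vendor schema.
EVENTS = [
    {"time": "2024-01-10T09:05:00", "user": "alice", "op": "FileDownloaded",
     "label": "Confidential", "device_managed": False, "file": "q4-forecast.xlsx"},
    {"time": "2024-01-10T09:20:00", "user": "bob", "op": "FileDownloaded",
     "label": "Public", "device_managed": False, "file": "brochure.pdf"},
    {"time": "2024-01-10T09:40:00", "user": "carol", "op": "FileDownloaded",
     "label": "Confidential", "device_managed": True, "file": "contract.docx"},
    {"time": "2024-01-10T10:10:00", "user": "dave", "op": "FileDownloaded",
     "label": "Confidential", "device_managed": False, "file": "payroll.csv"},
]

def violates(event):
    """DLP rule from the answer: Confidential document downloaded to an unmanaged device."""
    return (event["op"] == "FileDownloaded" and event["label"] == "Confidential"
            and not event["device_managed"])

def poll_and_evaluate(events, start, end, interval):
    """Simulate an API-mode CASB pulling activity logs every `interval`.

    Each pull sees only events recorded since the previous pull, so every
    alert is raised after the action has already completed.
    """
    alerts = []
    window_start = start
    while window_start < end:
        pull_time = window_start + interval
        for ev in events:
            ts = datetime.fromisoformat(ev["time"])
            if window_start <= ts < pull_time and violates(ev):
                alerts.append({"user": ev["user"], "file": ev["file"],
                               "action": "flag_and_escalate",  # nothing left to block
                               "lag_minutes": int((pull_time - ts).total_seconds() // 60)})
        window_start = pull_time
    return alerts

if __name__ == "__main__":
    start = datetime(2024, 1, 10, 9, 0)
    for alert in poll_and_evaluate(EVENTS, start, start + timedelta(hours=2),
                                   timedelta(hours=1)):
        print(alert)
```

With an hourly pull, the two violating downloads are flagged 55 and 50 minutes after they happened, which is the window in which the document is already outside the tenant.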