New features in Cloud App Security (CAS) are NOT enabled by default.
This applies to existing policies, and newly created policies.
CAS Administrators have the liberty to choose whether to enable new features after reviewing related documents, perform tests, and monitor results to assess the impact of the feature to their environment.