kimkischel Still thinking about this one ... apologies for all the questions. The Microsoft Docs page here - https://docs.microsoft.com/en-us/cloud-app-security/manage-app-permissions - says that marking an app as approved is a visual-only notification to the admin. Does this work the same way for a banned app? I read the document as saying that banning an app revokes whatever authorizations are in place at that point in time, but does not prevent the user from re-approving them. Or, in other words, that it's a single point-in-time governance action but not a blacklist.
Therefore, a user could re-approve an OAuth app that was banned, and an admin would have to either manually ban it again, or if your answer to my first question above is that newly identified OAuth apps can be automatically revoked without admin intervention, that MCAS could automatically revoke it again once it sees it happening.
Is this understanding in line with how this all works, or have I misunderstood?