Hi Michael Sampson, per your questions above:
1. MCAS allows you to set automated remediation for policy violations. In this case, once MCAS detects an OAuth app that matches the policy conditions (for example, an app that requires full access to the user's data), it can automatically revoke the permissions granted to the app, and effectively remove it. The user might still see the app as connected, but the app won't be able to perform any action.
The remediation flow is automatically executed without any admin intervention. In addition, an alert will be triggered for auditing and further investigation.
2. Banning an app adds the app to a blacklist and covers any future permission grant to this app.
3. Currently you can only add specific apps to the blacklist/whitelist after the app has been detected. Meaning, an app needs to be approved by at least one user in the organization in order to be shown in the App Permissions page, and then added to the blacklist (by Banning the app) or to the whitelist (by Authorizing the app). Having said that, a "policy-defined blacklist", such as block all apps that require Full Data Access, can be configured proactively.
Thanks,
Niv
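As an added illustration of the remediation flow Niv describes (detect OAuth apps that were granted broad delegated permissions, alert, and revoke the grant), the following script does the equivalent by hand with the Microsoft Graph PowerShell SDK. It is example code written for this thread, not Niv's code and not how MCAS is implemented. The list of scopes treated as "full data access" is an assumption made here; MCAS uses its own permission-level classification, and the `$Remediate` switch is a hypothetical toggle so the script can be run in report-only mode first.

```powershell
# Added example, not MCAS code: approximate the "block apps that require
# Full Data Access" policy and its automated remediation using Microsoft Graph.
# Requires the Microsoft.Graph.Applications and Microsoft.Graph.Identity.SignIns modules.
Connect-MgGraph -Scopes 'Application.Read.All', 'DelegatedPermissionGrant.ReadWrite.All'

# ASSUMPTION: delegated scopes we classify as "full data access" for this example.
$HighPrivilegeScopes = @(
    'Mail.ReadWrite', 'Mail.Send', 'Files.ReadWrite.All', 'Sites.ReadWrite.All',
    'Contacts.ReadWrite', 'Calendars.ReadWrite',
    'Directory.ReadWrite.All', 'Directory.AccessAsUser.All'
)

# Hypothetical toggle: $false only reports matches (the alert half of the flow),
# $true also deletes the grant (the revoke half).
$Remediate = $false

# Every oauth2PermissionGrant is one consent record: ClientId is the object id of
# the app's service principal, Scope is the space-separated list of delegated
# permissions it was granted, ConsentType says whether one user or the tenant consented.
$grants = Get-MgOauth2PermissionGrant -All

# Cache service principal lookups; many grants point at the same app.
$spCache = @{}

foreach ($grant in $grants) {
    $granted = $grant.Scope -split ' ' | Where-Object { $_ }
    $hits = $granted | Where-Object { $HighPrivilegeScopes -contains $_ }
    if (-not $hits) { continue }

    if (-not $spCache.ContainsKey($grant.ClientId)) {
        $spCache[$grant.ClientId] = Get-MgServicePrincipal -ServicePrincipalId $grant.ClientId
    }
    $sp = $spCache[$grant.ClientId]

    # 'AllPrincipals' = admin consent for the whole tenant; 'Principal' = a single
    # user's consent, in which case PrincipalId identifies that user.
    $who = if ($grant.ConsentType -eq 'AllPrincipals') { 'tenant-wide' } else { "user $($grant.PrincipalId)" }
    Write-Output ("MATCH app '{0}' (appId {1}) {2}: {3}" -f $sp.DisplayName, $sp.AppId, $who, ($hits -join ' '))

    if ($Remediate) {
        # Deleting the grant revokes the delegated permissions. Access tokens the app
        # already holds stay valid until they expire; refreshing them fails once the
        # grant is gone, which is why the app may still look "connected" for a while.
        Remove-MgOauth2PermissionGrant -OAuth2PermissionGrantId $grant.Id
        Write-Output ("  revoked grant {0}" -f $grant.Id)
    }
}
```

Run it with `$Remediate = $false` first and review the MATCH lines; tenant-wide (`AllPrincipals`) grants are usually the ones an admin consented to deliberately, so check those before flipping the switch. Revoking a grant does not ban the app: a user can consent again unless user consent is restricted in Azure AD or the app is banned in MCAS, which is the point Niv makes in item 2.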