Microsoft Defender for Cloud Apps | Microsoft Community Hub

Forum Widgets

Latest Discussions

General Risk Factor - Logon URL - Null
I'm trying to create a policy that maps "Logon URL" field in the app details and if its empty/blank, it approves/sanction the application. My only challenge is that I'm not able to set an identifier that reads blank field. I tried ASCII null character but it doesn't work. Wondering if this use case is even possible.
RavTin
Copper Contributor
Jun 24, 2025
MDCA
30Views
0likes
1Comment
Playbooks with MDCA
I am attempting to integrate MDCA alerts with freshdesk as per the e.g. https://learn.microsoft.com/en-us/defender-cloud-apps/flow-integration I have E5 without teams licenses. I created the flow, Once from playbooks in MDCA portal and once in power automate directly and went to create a policy to test it out but the option "Sent to power automate" from the policy is always greyed out. Alerts are not automatically detected in the flow unless the action in the policy is set to send to power automate which again is greyed as option in the policies. Also playbooks tab in the MDCA portal does not show the flows I created before, It shows empty, Seems link is broken between MDCA and PowerAutomate. Any reason for this, Any Idea about this? Thanks in advance.
AhmedSHMK
Copper Contributor
Jun 11, 2025
Defender for Cloud Apps
Power Autamate
security
32Views
0likes
0Comments
Problem with MDCA Session Control and Google Workspace
We have implemented MDCA Session Control with Google Workspace in a Customer. Almost all Google apps work and they are protected by Session Control, but we have found problems with Gemini, Analytics and Google Search. These apps don´t open under session control and it seems some kind of problems with SSO. Do anyone knows any fix for the problem?
Ramon_Pastor_Garcia
Microsoft
Apr 23, 2025
52Views
0likes
0Comments
Filter out BYOD devices from blocking unsanctioned apps
Hi there, I've encountered an issue. When I tag a cloud app as unsanctioned, it gets blocked as expected. However, we use BYOD mobile devices that are Entra registered along with app protection policies, and the unsanctioned apps are being blocked outside the managed apps. For example, an unsanctioned app gets blocked in unmanaged safari browser on BYOD iOS device. I can't find information on how to limit the enforcement scope to only managed apps on BYODs or how to limit the enforcement scope to company-managed devices. Please help.
PavIT5
Copper Contributor
Apr 21, 2025
39Views
0likes
0Comments
Using Microsoft Defender for Cloud Apps to block apps on managed devices.
Greetings, I have been tasked to work with Microsoft Defender for cloud apps and to block the usage of the Firefox browser on all endpoints within my estate apart from a few users who require it. I have tried to unsanctioned app feature. This only displays a warning prompt but users can still proceed with using and interacting with the application. We have already configured web content filtering and works fine. I already looked up other articles relating to downloading a block script but that applies to other security appliances such as firewalls which we don't want to get into. Is there a convenient way to block certain apps usage by solely using Microsoft Defender for Cloud Apps or is this platform only used for monitoring purposes and cannot really block the app by unsanctioning it?
CrestonV
Copper Contributor
Jan 16, 2025
Defender for Cloud Apps
microsoft defender for cloud
998Views
1like
4Comments
Cloud Discovery policy - Governance action - Scoped profile missing
Hi everyone, I wanted to create a Cloud Discovery policy that automatically tags as unsanctioned some applications but only for a scoped profiles. When tagging cloud applications manually, it's possible to scope it to a profile: However, this option doesn't exist in the governance actions section: Are there any other way to create policies that can tag but only for a device group/scoped profile? Cheers,
MatheoBt
Copper Contributor
Dec 11, 2024
48Views
0likes
0Comments
MCAS Log collector supported for Ubuntu 22.04 LTS and Ubuntu 24.04 LTS
Hi all, is collector supported for these 2 versions? In official documentation does not appear. Thank you!
benjamino-21
Copper Contributor
Nov 26, 2024
92Views
0likes
1Comment
Block Sensitive Data Upload to External SharePoint Online Tenants
We need to block the ability of Users, who are serving the notice period, to upload any Confidential labelled documents to external SharePoint Online Tenants. What is the best way to do this please?
Sochito
Copper Contributor
Nov 06, 2024
block
MDCA
purview
181Views
0likes
8Comments
MCAS Log on Event
Last night I had a Sentinel alert for logon from IP address associated with password spray. Alert was triggered from threat indicator matching IP address. OK no big deal, wasn't a password spray. In tracking this down I see the user is external in MCAS. I find no files shared with the user, no teams message activity, no email to the user.... nothing. My question is, what could the logon event be from?
JeffR_CNY
Copper Contributor
Oct 25, 2024
171Views
0likes
1Comment
MCAS requirements for Log Collector
Hi all, this is my first question in the Microsoft Community. I have been reviewing the requisites for MCAS log collector and I wanted to understand why does the machine hosting the log collector needs at least 250 GB disk, as this appliance sends every 40KB to MCAS and stores up to 20 backup files. Thanks in advance, Benjamin
benjamino-21
Copper Contributor
Oct 25, 2024
229Views
0likes
1Comment

Resources

Tags

Cloud App Security524 Topics
Cloud Discovery107 Topics
Data Protection66 Topics
App Connectors55 Topics
threat protection53 Topics
azure active directory12 Topics
microsoft defender for cloud apps12 Topics
cloud security10 Topics
mcas9 Topics
azure8 Topics