Forum Discussion
Blocking Personal Outlook and Gmail Accounts on Corporate Device
Hi Juan,
Using Defender for Cloud Apps will give you the ability to block "apps", or essentially websites. This is done through the cloud app catalog, and you can choose to make that app blocked.
Or, if you want to do so manually, you can use Defender for Endpoint and set up web content filtering policies. This is essentially what Defender for Cloud Apps does for you too, except that they have collected all the necessary URLs to be blocked instead of you trying to find them one by one.
I implemented this for our corporate devices; we blocked any sites or services that could be used for data exfil. Of course, this isn't the only place we put in controls to prevent data leakage and, as others mentioned, DLP is also used, and a network firewall is also used, among others.
Good luck with your implementation.
Is there a way to exclude certain users or devices? Some users need access to Gmail for testing purposes, but I haven’t been able to implement this policy successfully. I tried using a CA policy, but it doesn’t seem to work for some reason.
- yhl, Mar 13, 2025, Copper Contributor
Yes, you need to first set up device groups under defender portal > setting > endpoints.
Then set up app scoped profiles under defender portal > setting > cloud apps > app tags > scoped profiles.
In the scoped profile, you basically pick which device group goes into which scoped profile. You will need to design it a bit, but my experience is that the more profiles/groups you create, the higher the chance that it will become messy, so try to limit it to within 3 main groups (all unblocked, some blocked, all blocked).
Once that is set up, you will be able to select which app is blocked using the scoped profile instead of it being blocked for all devices.
By default, there is already 1 scoped profile that is every device.