SebastiaanR
Brass Contributor
Feb 10, 2021

Defender for Endpoint - Blocking Unsanctioned VPN Connections

Good day community,

 

Is there a way to prevent users from connecting to unsanctioned VPN services using Defender?

 

We have a Palo Alto solution that needs to be used, but we are seeing a heck of a lot of Impossible Travel activities in Cloud App Security suggesting that VPN services are used.

 

Would adding these connections to a custom indicator/detection list do the trick? Or is there a better/more preferred way to achieve this?

 

Thanks

  • Thijs Lecomte
    Bronze Contributor
    Hi

    An indicator or custom detection would be able to block these programs, yes.

    IMO, taking away local admin from these users would be a lot easier and a better solution in the long run.
    • SebastiaanR
      Brass Contributor

      Thijs Lecomte 

      Thanks. I agree, the long-term solution would be to actually limit the installation of these programs to begin with.

       

      I think we will end up creating the indicator to do the initial detection of these connections, and then transition the devices across to be managed through policy.

       

      It's definitely a pain in the backside!
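
An added example, not part of the thread and not Microsoft's code: a sketch of the staged indicator approach discussed above, building indicator bodies in audit mode first while refusing to list the sanctioned gateway or internal addresses. The host names, IP addresses and the `SANCTIONED` list are constructed, and the field names are an assumption modelled on the Defender for Endpoint indicator API that should be checked against the current documentation.

```python
import ipaddress
from urllib.parse import urlsplit

# All values below are constructed samples (reserved .example names, TEST-NET IP).
SANCTIONED = {"vpn.corp.example"}   # hypothetical name for the sanctioned gateway
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
CANDIDATES = [
    "VPN.Corp.Example",                         # sanctioned: must be skipped
    "freevpn.example",
    "FreeVPN.example.",                         # duplicate once normalized
    "https://download.freevpn.example/client",
    "203.0.113.25",
    "10.0.0.8",                                 # internal address: must be skipped
]

def is_sanctioned(host):
    return any(host == s or host.endswith("." + s) for s in SANCTIONED)

def classify(value):
    """Return (indicatorType, value), or None when the entry must not be submitted."""
    v = value.strip()
    if "://" in v:
        host = (urlsplit(v).hostname or "").rstrip(".")
        return ("Url", v) if host and not is_sanctioned(host) else None
    try:
        ip = ipaddress.ip_address(v)
    except ValueError:
        host = v.lower().rstrip(".")
        return ("DomainName", host) if host and not is_sanctioned(host) else None
    return None if any(ip in net for net in INTERNAL) else ("IpAddress", str(ip))

def build_indicators(candidates, action="Audit"):
    """Deduplicate entries and emit one indicator body per remaining value."""
    seen, bodies = set(), []
    for item in map(classify, candidates):
        if item is None or item in seen:
            continue
        seen.add(item)
        bodies.append({
            "indicatorType": item[0],
            "indicatorValue": item[1],
            "action": action,            # "Audit" to observe first, "Block" later
            "title": "Unsanctioned VPN service",
            "description": "Staged rollout: audit, review hits, then block",
            "severity": "Medium",
        })
    return bodies

if __name__ == "__main__":
    import json
    print(json.dumps(build_indicators(CANDIDATES), indent=2))
```

URL, domain and IP indicators are only enforced on devices where network protection is enabled in block mode.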