Defender for Endpoint - Blocking Unsanctioned VPN Connections
Good day community,
Is there a way to prevent users from connecting to unsanctioned VPN services using Defender?
We have a Palo Alto solution that needs to be used, but we are seeing a heck of a lot of Impossible Travel activities in Cloud App Security suggesting that VPN services are used.
Would adding these connections to a custom indicator/detection list do the trick? Or is there a better/more preferred way to achieve this?
Thanks
- Thijs Lecomte, Bronze Contributor
Hi
An indicator or custom detection would be able to block these programs, yes.
IMO, taking away local admin from these users would be a lot easier and a better solution in the long run.
- SebastiaanR, Brass Contributor
Thanks. I agree, the long-term solution would be to actually limit the installation of these programs to begin with.
I think we will end up creating the indicator to do the initial detection of these connections, and then transition the devices across to be managed through policy.
It's definitely a pain in the backside!
- challengelogic, Copper Contributor
Interesting question, would be great to know how you get on mitigating that risk. Thanks