Forum Discussion
Ugur_Koc
Jul 06, 2021 Copper Contributor
Exclude Users or Devices
Hello Community Members, we have some unsanctioned apps in MCAS and created a service user which still should have access to those domains. Is it possible to exclude users or devices so that ...
Jonhed
Oct 26, 2021 Iron Contributor
The only option available to override MCAS unsanctioned apps is to create custom network indicators in MDE.
This override can only be assigned to MDE device groups though, so if you want to limit this to specific users, these users will need to have personally assigned devices (as in devices not shared with other users).
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/web-protection-overview?view=o365-worldwide
SuperNotDuper
Oct 26, 2021 Copper Contributor
Thanks for the reply - I'll give it a go.
Such a shame there isn't an exclusion area in Cloud Security.. makes me wonder if anyone trialed or feedback was even conducted with real world business operations in mind.
- Jonhed Oct 27, 2021 Iron Contributor
Yes, I am pretty sure it is a functionality many people want.
In this case, MCAS does not have forward proxy functionality in itself, so it only supplies a list of unsanctioned apps (URLs), and it is then up to the solution that does the blocking (MDE, SWGs etc.) to manage the targets and actions to take (to block or warn, who or what to target/override).
MDE does not have any functionality to target specific users, only device groups, so targeted overrides are quite limited at the moment.
If more complex policy management is a must, you would have to look at SWGs such as Zscaler Internet Access, which also works with MCAS cloud discovery and can do automatic blocking.
- SuperNotDuper Oct 27, 2021 Copper Contributor
Thank you for the detailed reply. I don't want to have to use a third party solution - really wanted to keep it all under wraps with MS. However, as I feel like Cloud security doesn't perform to the degree I want - seems I'll either drop the Cloud security feature entirely or use a third party at this point unfortunately.