Hello Community Members, we have some unsanctioned apps in MCAS and created a service user which still should have access to those domains. Is it possible to excluse users or devices so that they wont be blocked when accessing the domains? Thanks in advance 🙂

Hello,In Settings cog - in the right upper corner under cloud discovery: exclude entities - add your users, IP, groups, devices. "This list contains discovered users who are excluded from Cloud Discovery data in your organization. Exclusions apply only to new data."

Hello,thank you. I can not choose any users, it says: No items to show. Also I can not see all of the devices, only some of them.Any ideas?

The users and Devices from the Cloud Discovery data that is analysed should be there. If you go to Cloud Discovery Dashboard, do you see your user there? If not, can you use generate some traffic for that user?

I see them all, users and devices, on the Dashboard but not on the entities page.

The funny part is that the network protection is not enabled on the devices. As for my understanding Network Protection was a requirement so that MCAS can block apps on endpoints. Do you know the Event ID when a Domain gets blocked? Maybe I can see why it is still blocking.

Exclude Users or Devices | Microsoft Community Hub

14 Replies

erenbln
Copper Contributor
Sep 05, 2025
Can anyone help me with how to add exceptions (for users or devices) for an unsanctioned app like Dropbox? Is there a solution for that?
deepak410
Copper Contributor
Jun 12, 2025
Dear Microsoft,
I have the same question, i have some unsanctioned apps which by default is applicable for all the users<
I want to create a exception for some people, i tried using the exclude entities option , i tried adding both user by email and excluded devices as well. but still it is not working. User is unable to access the unsanctioned app.
I believe only adding a tag of the unsanctioned app will not block the apps, we need to enable the enforce app access. we enabled this setting and iocs were added to the mde.
SuperNotDuper
Copper Contributor
Oct 21, 2021
Ugur_Koc

is there any way to perform this? Why is this feature not added from get-go? such a pain and will cause the product not to be used now...
- Jonhed
  Iron Contributor
  Oct 26, 2021
  The only option available to override MCAS unsanctioned apps, is to create custom network indicators in MDE.
  This override can only be assigned to MDE device groups though, so if you want to limit this to specific users, these users will need to have personally assigned devices (as in devices not shared with other users).
  https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/web-protection-overview?view=o365-worldwide
  - SuperNotDuper
    Copper Contributor
    Oct 26, 2021
    thanks for the reply - I'll give it a go.
    
    Such a shame there isn't an exclusion area in Cloud Security.. makes me wonder if anyone trialed or feedback was even conducted with real world business operations in mind.
LuizaT
Microsoft
Jul 06, 2021
Hello,

In Settings cog - in the right upper corner under cloud discovery: exclude entities - add your users, IP, groups, devices.

"This list contains discovered users who are excluded from Cloud Discovery data in your organization. Exclusions apply only to new data."
- Ugur_Koc
  Copper Contributor
  Jul 06, 2021
  Hello,
  
  thank you. I can not choose any users, it says: No items to show. Also I can not see all of the devices, only some of them.
  
  Any ideas?
  - LuizaT
    Microsoft
    Jul 06, 2021
    The users and Devices from the Cloud Discovery data that is analysed should be there. If you go to Cloud Discovery Dashboard, do you see your user there? If not, can you use generate some traffic for that user?

Forum Discussion

Exclude Users or Devices

14 Replies

Resources