Forum Discussion

RavTin
Copper Contributor
Jun 24, 2025

General Risk Factor - Logon URL - Null

I'm trying to create a policy that maps the "Logon URL" field in the app details and, if it's empty/blank, approves/sanctions the application. My only challenge is that I'm not able to set an identifier that reads a blank field. I tried the ASCII null character but it doesn't work. Wondering if this use case is even possible.

1 Reply

  • You're trying to create a policy condition (likely in Microsoft Defender for Cloud Apps / Microsoft Entra ID / Conditional Access / some governance engine) that identifies when the “Logon URL” field is blank in an application, and then triggers a policy decision (e.g., sanctioning it).

    If You're Using Microsoft Defender for Cloud Apps (MCAS)

    You might be using App governance policies like this:

    If “Logon URL” is empty/null → then sanction the app

    MCAS doesn’t allow you to filter directly on "null" in the UI picker, but here's what you can do:

    1. Use Advanced Filter (in the app catalog)

    1. Go to Cloud Discovery > Discovered apps
    2. Use the Advanced filter
    3. Set:

    Logon URL == ""

    or (in some cases)

    Logon URL is null

    If it fails to return anything, try exporting the discovered apps as CSV and verify the field's value — it may be truly null or just missing.

    2. Use Governance Automation or API

    If UI logic doesn’t support “null,” use Power Automate or Graph API to:

    • Pull apps with missing fields
    • Apply "sanction" tags via the API

     

    Other Matching Techniques

    • KQL example (if working with logs):

        AppEvents
        | where isnull(LogonURL) or LogonURL == ""

    • Power Automate Logic:

        if(empty(triggerBody()?['LogonURL']), 'Sanction', 'Ignore')

    • JSON policy condition (Azure Policy):

        "not": {
          "field": "properties.logonUrl",
          "exists": "true"
        }

     

    Yes, this use case is possible, but not always via the UI. Here's what you should do:

    1. Try checking for == "" or is null in your tool's query/filter engine
    2. If that doesn't work, use API-based automation (MCAS API or Graph API) to filter/sanction
    3. Avoid using ASCII null — it's not compatible with most policy engines

    Let me know which exact platform or tool you're writing this policy in (e.g., Defender for Cloud Apps, Azure AD, Microsoft Purview, etc.)
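
The CSV check suggested in the reply above, as an added example that is not part of the original thread: it classifies how the "Logon URL" field is actually stored for each exported app, so the filter condition can be chosen to match. The sample export, the "Name" column header and the placeholder strings are constructed assumptions, not values from a real tenant.

```python
import csv
import io

# Constructed sample standing in for a discovered-apps CSV export.
# The "Name" and "Logon URL" headers are assumptions; match them to the real file.
SAMPLE_EXPORT = (
    "Name,Logon URL\r\n"
    "Contoso Notes,https://login.contoso.example/\r\n"
    "Fabrikam Files,\r\n"      # column present, value empty
    "Northwind CRM,   \r\n"    # whitespace only
    "Tailspin Chat,null\r\n"   # the literal text "null"
    "Adatum Mail\r\n"          # row shorter than the header
)

# Assumed placeholder strings that some exports write instead of an empty value.
PLACEHOLDERS = {"null", "none", "n/a", "-"}


def classify(row, column="Logon URL"):
    """Return how the field is stored for one exported row."""
    value = row.get(column)
    if value is None:
        return "missing"       # column absent, or row has no such field
    if value == "":
        return "empty"         # the only case an equals-empty-string test matches
    if "\x00" in value:
        return "nul-char"      # a NUL byte is a real character, not a blank
    if value.strip() == "":
        return "whitespace"
    if value.strip().lower() in PLACEHOLDERS:
        return "placeholder"
    return "present"


def triage(csv_text, name_column="Name", column="Logon URL"):
    """Map each app name to the classification of its Logon URL field."""
    reader = csv.DictReader(io.StringIO(csv_text, newline=""))
    return {row[name_column]: classify(row, column) for row in reader}


def blank_apps(csv_text):
    """Apps whose field is blank in any form; placeholders are left for review."""
    blank = {"missing", "empty", "whitespace"}
    return sorted(n for n, kind in triage(csv_text).items() if kind in blank)


if __name__ == "__main__":
    for name, kind in triage(SAMPLE_EXPORT).items():
        print(f"{name:16} {kind}")
    print("blank:", blank_apps(SAMPLE_EXPORT))
```
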

     
