Forum Discussion
Restricting access to non SSO apps
I have multiple non SSO apps that my users need to access. I am looking to permit access but limit what actions users can take when visiting these apps/sites such as: blocking file uploads, blocking data download, restricting logins, etc to limit shadow IT.
Is there a way to do this within MDCA? Session control policies, activity policies and access policies require the apps be onboarded or SSO configured which is not feasible for the numerous apps in scope. If not MDCA, what other services have you used to accomplish this?
1 Reply
Microsoft does not have a solution for this currently. CA App Control (Defender for Cloud Apps) only supports SSO apps, and Global Secure Access (GSA) does not have session controls. We can use GSA to inspect traffic and block access, but it does not have session control type features.
