Shadow IT Discovery-time taken for MDATP endpoint to use an app for the first time before block

Hi, I am looking at using the new functionality in MD ATP to block unsanctioned apps on Win10 endpoints and have a question. If I have a policy setup that apply's to "all continuous reports" ...

Cloud App Security

Cloud Discovery

Danny Kadyshevitch
Dec 09, 2019
Hi Paul,

This timing depends on 2 variables:

Time from app tagging in MCAS until it is being sent to MDATP (~15 minutes today)

Time for MDATP to propagate this to the endpoint (up to 2 hours)

The sum of these two (2:15 hrs) is the upper bound for the unsanctioning operation to take action on the endpoint.

Thanks,

Danny.

Danny Kadyshevitch

Former Employee

Dec 09, 2019

Hi Paul,

This timing depends on 2 variables:

Time from app tagging in MCAS until it is being sent to MDATP (~15 minutes today)
Time for MDATP to propagate this to the endpoint (up to 2 hours)

The sum of these two (2:15 hrs) is the upper bound for the unsanctioning operation to take action on the endpoint.

Thanks,

Danny.

PJR_CDF
Iron Contributor
Dec 09, 2019
Thanks Danny Kadyshevitch

That's just what I needed!

Forum Discussion

Shadow IT Discovery-time taken for MDATP endpoint to use an app for the first time before block

Resources