Forum Discussion
Using Microsoft Defender for Cloud Apps to block apps on managed devices.
Hi CrestonV,
The unsanctioned tagging works in conjunction with MDE to enforce web app blocking by leveraging Network Protection's custom indicators list. This occurs by MDCA automatically adding the domains/URLs to the list upon tagging an app unsanctioned.
I recommend confirming that you have custom indicators enabled and are Enforcing App Access, here.
Finally, it also doesn't hurt to check you have the integration between MDE and MDCA turned on in Advanced Features, see here.
Let me know if this helps or if you still experience the issue.
Best regards,
Dylan
Hi Dylan,
Thanks for your reply.
I have confirmed both (Custom indicators and Integrate MDE and MDCA) are turned on. I can also confirm that the indicator list is populated with the URLs for the apps that have been marked as unsanctioned.
When we launch the app, we do get a notification from Windows Security stating that the app content is blocked from viewing, but users are still able to access the application and use the application as normal. We are also able to see the alerts and incidents being generated from accessing unsanctioned apps in our Defender admin portal page, but the installed application is not blocked.
I've been trying to search for articles on this but can't seem to find any. So I am not sure if Defender for Cloud Apps only works for blocking websites or if it also works for blocking applications that are installed on end-user devices.
Any help on this would be appreciated.
Thanks!
Creston