Forum Discussion
Using Microsoft Defender for Cloud Apps to block apps on managed devices.
Hi DylanInfosec
Thanks for your reply on my post.
I can confirm both Custom indicators and MDE and MDCA integration are switched on and working as they should. I can also see the urls that have been added automatically to custom indicators are populated with the unsanctioned apps.
Yet we are not able to fully block a installed application. We continue to receive a notification from windows security of the block on the (Mozilla firefox) installed application on our endpoints and we also get alerts and incidents of users trying to access the installed app on our Defender for endpoint admin console but the users are still able to continue using the application.
We wanted to know if its possible to completely block the app usage and not be able to interact or open the app.
I look forward to hearing back from you.
Kind regards,
Creston Vaz
Doh, my apologies, I think I may have had a few similar posts up at the same time hence my response not being to direct in response to your question.
As you stated, Defender for Cloud Apps does integrate but to block Cloud Apps and not to prevent Mozilla Firefox, a desktop application from opening. You will have to utilize something like Defender Application Control. You could also try Custom indicators by File hash and/or Certificate. These can then be assigned to specified Device Groups to block access to those Device Groups specified and allow others to use these applications.
This will be a game of whack-a-mole though and you might consider a different approach down the line such as allowing Firefox but managing the browser settings via Intune.
Best regards,
Dylan