Forum Discussion

lfk73's avatar
lfk73
Brass Contributor
Mar 17, 2025

Defender bulk unsanction

I want to unsanctioned all Generative AI apps in cloud catalogue with a risk score 7 or below. But this is 970 apps and I don't feel like doing this one page of 20 at a time I'll be there all day. ...
microsoft 365 defender
Lucifier0786's avatar
Lucifier0786
Copper Contributor
Mar 19, 2025

It would be better to configure a policy in the Defender for Cloud Apps (MCAS) blade if you have MCAS access, rather than using a PowerShell script. This way, the process becomes automated and consistent, reducing manual effort and ensuring ongoing enforcement. Once the policy is set, it will automatically unsanction any new Generative AI apps with a risk score ≤ 7 in the future.  

With a PowerShell script, you would need to manually run it each time or set up a schedule using Task Scheduler or Azure Automation to mimic automation — but it wouldn’t be as seamless or integrated as an MCAS policy.

lfk73's avatar
lfk73
Brass Contributor
Mar 19, 2025

Thanks for the suggestion.  That's what I'm doing right now for new apps as they are added.  But I want to unsanctioned the existing 970 odd ones already in the cloud app catalogue.  Through the WebUI you can only do 20 at a time based on only being able to select 20 at a time and click unsanctioned.  Possible but time wasteful and tedious.

If there is a way to do all of them in MCAS Blade that's fine with me if you can explain how to do that.

Thanks.

Resources