Forum Discussion
Disable Defender for Cloud Apps alerts
Hi all, we just enabled Defender for Cloud Apps in our environment (about 500 clients). We started with setting about 300 apps to "Unsanctioned". Now we get flooded with alerts. Mainly "Co...
Hello,
This is actually documented by Microsoft as a current limitation. When indicators are synced from MDCA to MDE, the settings are overwriten. For unsanctionned apps, Generate alert is enabled by default and even if you turn it off, it will be re-enabled because MDCA policy takes precedence. For sancionned apps, alerts are disabled.
https://learn.microsoft.com/en-us/defender-endpoint/indicators-overview
Just check the paragraph right above "Known issues and limitation"
As a temporary fix, we use a suppression rule.
Thanks,
Moetaz RABAI