While MCAS is great for Cloud Discovery and enforcing policy, how do you go about sanctioning/unsanctioning apps appropriately? One of the pain-points we're facing is that while it may say user x uploaded 50mb to app hosting provider 5, we don't know what actual URLs/web-apps are tied to hosting provider 5. When you look at an application in MCAS, you get the general URLs for the application... i.e. hostingprovider5.com/login.aspx. This doesn't help understand what URLs the user is hitting though, which could be legitimate sites, that we may then block incidentally, because we don't have the underlying information.

Am I wrong? Can someone help me understand their process for investigating these alerts and/or sanctioning/unsanctioning apps?