CAS / MIP / DLP Secure Whatsapp session

%3CLINGO-SUB%20id%3D%22lingo-sub-2350000%22%20slang%3D%22en-US%22%3ECAS%20%2F%20MIP%20%2F%20DLP%20Secure%20Whatsapp%20session%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2350000%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20guys%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20looking%20for%20a%20way%20to%20enable%20users%20from%20my%20company%20to%20use%20whatsapp%20web%20and%20control%20the%20session%20using%20CAS%2C%20MIP%20and%20DLP%20to%20prevent%20data%20exfiltration%2C%20is%20there%20a%20way%20to%20do%20that%3F%3CBR%20%2F%3E%3CBR%20%2F%3EI'm%20new%20to%20that%20solutions%20and%20wasn't%20able%20to%20find%20any%20documentation%20about%20that.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethanks%20a%20lot!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2350000%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2360128%22%20slang%3D%22en-US%22%3ERe%3A%20CAS%20%2F%20MIP%20%2F%20DLP%20Secure%20Whatsapp%20session%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2360128%22%20slang%3D%22en-US%22%3EHi%20Pradocn%2C%3CBR%20%2F%3E%3CBR%20%2F%3EPotentially%20you%20might%20want%20to%20use%20MCAS%2C%20set%20WhatsApp%20as%20a%20sanctioned%20App.%3CBR%20%2F%3EYou%20can%20%22Edit%20App%20Details%22%20and%20this%20will%20allow%20you%20to%20check%20a%20box%20%22Use%20with%20Conditional%20Access%20App%20Control%22.%20This%20should%20then%20allow%20you%20to%20create%20a%20%22Session%20Policy%22%20to%20block%20uploads%20via%20Conditional%20Access.%3CBR%20%2F%3E%3CBR%20%2F%3EThere%20is%20also%3A%3CBR%20%2F%3Eportal.cloudappsecurity.com%2F%23%2Fpolicy%2Fdiscovery-anomaly%2F5e8f4921a11d96a098280ac4%3CBR%20%2F%3EUse%20the%20%22App%20Tag%22%20to%20create%20a%20specific%20tag%20called%20%22WhatsApp%22%20and%20apply%20it%20-%20this%20way%20it%20can%20be%20targeted%20specifically%20to%20WhatsApp%20instead%20of%20either%20Sanctioned%20or%20Unsanctioned%20Apps%3CBR%20%2F%3ESee%20how%20you%20go%20from%20there%3F%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2441116%22%20slang%3D%22en-US%22%3ERe%3A%20CAS%20%2F%20MIP%20%2F%20DLP%20Secure%20Whatsapp%20session%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2441116%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F129396%22%20target%3D%22_blank%22%3E%40David%20Caddick%3C%2FA%3E%26nbsp%3Bthanks%20for%20the%20reply!%3CBR%20%2F%3E%3CBR%20%2F%3EI%20did%20as%20you%20told%20me%2C%26nbsp%3B%3CSPAN%3Eset%20WhatsApp%20as%20a%20sanctioned%20App%20and%20checked%20%22Use%20with%20Conditional%20Access%20App%20Control%22%3A%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22pradocn_0-1623444915546.png%22%20style%3D%22width%3A%20658px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F288168i88F25A1C6E1CE653%2Fimage-dimensions%2F658x206%3Fv%3Dv2%22%20width%3D%22658%22%20height%3D%22206%22%20role%3D%22button%22%20title%3D%22pradocn_0-1623444915546.png%22%20alt%3D%22pradocn_0-1623444915546.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22pradocn_1-1623445001311.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F288169i6292528397F25CF5%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22pradocn_1-1623445001311.png%22%20alt%3D%22pradocn_1-1623445001311.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20when%20I%20try%20to%26nbsp%3B%3CSPAN%3Ecreate%20a%20%22Session%20Policy%22%20to%20block%20uploads%20via%20Conditional%20Access%20whatsapp%20it%20is%20not%20available.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22pradocn_2-1623445217914.png%22%20style%3D%22width%3A%20510px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F288171i19C938FFD711E84F%2Fimage-dimensions%2F510x317%3Fv%3Dv2%22%20width%3D%22510%22%20height%3D%22317%22%20role%3D%22button%22%20title%3D%22pradocn_2-1623445217914.png%22%20alt%3D%22pradocn_2-1623445217914.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBest%20regards%2C%3C%2FP%3E%3CP%3EArthur%20Prado%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hello guys,

 

I am looking for a way to enable users from my company to use whatsapp web and control the session using CAS, MIP and DLP to prevent data exfiltration, is there a way to do that?

I'm new to that solutions and wasn't able to find any documentation about that.

 

thanks a lot!

2 Replies
Hi Pradocn,

Potentially you might want to use MCAS, set WhatsApp as a sanctioned App.
You can "Edit App Details" and this will allow you to check a box "Use with Conditional Access App Control". This should then allow you to create a "Session Policy" to block uploads via Conditional Access.

There is also:
portal.cloudappsecurity.com/#/policy/discovery-anomaly/5e8f4921a11d96a098280ac4
Use the "App Tag" to create a specific tag called "WhatsApp" and apply it - this way it can be targeted specifically to WhatsApp instead of either Sanctioned or Unsanctioned Apps
See how you go from there?

@David Caddick thanks for the reply!

I did as you told me, set WhatsApp as a sanctioned App and checked "Use with Conditional Access App Control":pradocn_0-1623444915546.png

pradocn_1-1623445001311.png

 

But when I try to create a "Session Policy" to block uploads via Conditional Access whatsapp it is not available.

 

pradocn_2-1623445217914.png

 

Best regards,

Arthur Prado