MCAS -- desktop app onboarding domains


Hello,

I am trying to wrap the "Azure Virtual Desktop" app through MCAS (Defender for Cloud Apps).
This app is accessible via browser at https://client.wvd.microsoft.com/arm/webclient/index.html and is also available as a desktop app on a Win10 box.

First I tried to on-board the browser version as a Conditional Access App Control based app, so that real-time monitoring and control capabilities can be done through access-policy and session-policy.
When I hit it from the browser, everything works as expected.
I got the app as a featured-app in MCAS with domain=client.wvd.microsoft.com.
I created an access-policy and blocked it.

Now comes the funny part.
I do not want any user using the desktop version of the app.
I had to manually on-board it, as I got the following domain sensed by MCAS.

So my question is, can we on-board non-HTTP domains?
If yes, what should I configure in the following screen?

1 Reply

@testuser7 generally I would expect these to be the same domain, but the method of access would be different.

Can you configure the app type to block the native client? Also, I'm not sure if this might be possible directly in AAD CA policy or not, but I would recommend checking here as well.