MCAS -- desktop app onboarding domains

Brass Contributor


I am trying to wrap "Azure Virtual Desktop" app through MCAS (Defender for Cloud Apps)
This app is accessible via browser at ( and also available as Desktop-app on win10 box


First I tried to on-board the browser version as Conditional Access App Control based app so real-time monitoring and control capabilities can be done through access-policy and session-policy
When I hit it from browser, everything work as expected.
I got the app as featured-app in MCAS with
I created on access-policy and block it.


Now comes the funny part.
I do not want any user using the using the desktop version of the app.
I had to manually on-board it as I got following domain sensed by MCAS


So my question is, Can we on-board non http domains ??
If yes, what should I configure in the following screen ??






1 Reply

@testuser7 generally I would expect these to be the same domain and but the method of access would be different.

Can you configure the app type to block the native client? Also, I'm not sure if this might be possible directly in AAD CA policy or not, but I would recommend checking here as well.