Nov 01 2022 06:25 AM
Guys, I want to know if I can use MCAS to prevent browsing from outdated browsers.
In short, if the browser vendor is on version 100, but the clients are on version 95, I want to prevent them from going out to the internet.
Does anyone know of any cyber Microsoft solution that can support me?
Nov 01 2022 07:19 AM
@oluaphenriquesilva you could do this partially with an access policy, but it will only be for applications where session control is enabled.
There might be more control options in Intune to force a browser update but I'm not 100% sure though
Nov 01 2022 07:54 AM
Defender for endpoint would likely have more insight into the user-agent string used by the browser.
I would run a kql query in Defender and round up all of the devices with a given user agent.
If you're using Sentinel you could use a playbook to isolate the machine automatically or do it manually in the Defender UI.