Request user justification

Respected Contributor

If we have a policy to monitor apps, that allows users to bypass for a few hours, how can we gather justification from them so that we can understand why they need to bypass?

3 Replies
Hi Dean,

In this case are you referring to monitoring a session through access control / session policy "or" discovery and MDE integration with custom indicators?
Monitoring a session through access control
When using access or session policies there currently isn't a way to allow end users to temporarily bypass. This would be decided based on the CA policy configured in AAD and corresponding access/session policies in MDCA.

There is an option to bypass for administrators, but this is meant more for troubleshooting and onboarding of new applications though.

https://docs.microsoft.com/en-us/defender-cloud-apps/proxy-deployment-any-app#prerequisites