Jul 02 2024 02:27 AM
Hi Folks,
I'm evaluating the following Policy in MCAS: Block upload based on real-time content inspection
Here the details of the policy:
User Name equals "UPN"
App equals "Microsoft Online Services"
Filters: Extension equals *.ps1
Actions: Block
Everything works as expected using Microsoft Web-Based interfaces.
I'm able to bypass the above rule while using Microsoft Teams Client (fat client)
Any Idea/Suggestion ?
Jul 02 2024 03:52 AM
Jul 02 2024 04:46 AM
The goal is not to whitelist/blacklist applications but rather to block the upload of certain File Types only.
Today the only possibility you have to achieve it is the use Defender for Cloud Apps (as per Microsoft statement - not mine ).
However the available Apps in the Defender suite only includes "Microsoft Online Services" which is indented for web-based use and it is working fine actually (no issue with that)
However, Microsoft Teams client is left behind or not considered by the Defender PG.
Teams client is interacting with other workloads like SharePoint/OneDrive using the same web-based API so I'm expecting the MCAS policies to be honored in the same way.
Jul 11 2024 06:45 AM