Defender for Endpoint - Blocking Unsanctioned VPN Connections


Good day community,

Is there a way to prevent users from connecting to unsanctioned VPN services using Defender?

We have a Palo Alto solution that needs to be used, but we are seeing a heck of a lot of Impossible Travel activities in Cloud App Security suggesting that VPN services are used.

Would adding these connections to a custom indicator/detection list do the trick? Or is there a better/more preferred way to achieve this?

Thanks

3 Replies
Hi

An indicator or custom detection would be able to block these programs, yes.

IMO, taking away local admin from these users would be a lot easier and a better solution in the long run.

@SebastiaanR 

Interesting question, would be great to know how you get on mitigating that risk. Thanks

@Thijs Lecomte 

Thanks. I agree, the long-term solution would be to actually limit the installation of these programs to begin with.

I think we will end up creating the indicator to do the initial detection of these connections, and then transition the devices across to be managed through policy.

It's definitely a pain in the backside!
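
For the initial detection step discussed in this thread, an advanced hunting query along these lines can list devices where a VPN client other than the sanctioned one is making outbound connections. This is an added example, not something posted by the thread participants; the process names in both lists are constructed placeholders to be replaced with real values, and the 7-day window is an assumption.

```kusto
// Constructed watchlist: replace with the VPN client binaries you want to flag.
let UnsanctionedVpnClients = dynamic(["examplevpn.exe", "examplevpn-service.exe"]);
// Placeholder for the sanctioned client's process names, so an overly broad
// watchlist entry never flags the approved product.
let SanctionedVpnClients = dynamic(["<sanctioned-client>.exe"]);
DeviceNetworkEvents
| where Timestamp > ago(7d)                       // assumed look-back window
| where ActionType == "ConnectionSuccess"         // only connections that were established
| where InitiatingProcessFileName in~ (UnsanctionedVpnClients)
| where InitiatingProcessFileName !in~ (SanctionedVpnClients)
// Keep the latest event per device and binary, retaining Timestamp, DeviceId
// and ReportId so the result can also back a custom detection rule.
| summarize arg_max(Timestamp, ReportId, DeviceName, InitiatingProcessAccountName,
                    InitiatingProcessFolderPath, RemoteIP, RemoteUrl),
            Connections = count()
    by DeviceId, InitiatingProcessFileName
| order by Timestamp desc
```

The per-device rows give the account and install path of each client, which helps decide which devices to move under managed policy first.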