Feb 10 2021 01:10 AM
Good day community,
Is there a way to prevent users from connecting to unsanctioned VPN services using Defender?
We have a Palo Alto solution that needs to be used, but we are seeing a heck of a lot of Impossible Travel activities in Cloud App Security suggesting that VPN services are used.
Would adding these connections to a custom indicator/detection list do the trick? Or is there a better/more preferred way to achieve this?
Thanks
Feb 14 2021 04:15 AM
Feb 14 2021 01:28 PM
Interesting question, would be great to know how you get on mitigating that risk. Thanks
Feb 15 2021 02:24 AM
Thanks. I agree, the long-term solution would be to actually limit the installation of these programs to begin with.
I think we will end up creating the indicator to do the initial detection of these connections, and then transition the devices across to be managed through policy.
It's definitely a pain in the backside!