Disable Defender for Cloud Apps alerts


Hi all,

We just enabled Defender for Cloud Apps in our environment (about 500 clients).

We started with setting about 300 apps to "Unsanctioned".

Now we get flooded with alerts. Mainly "Connection to a custom network indicator on one endpoint" and "Multi-stage incident on multiple endpoints" when a URL is blocked on more clients.

DfCA.jpg

Is there a possibility to disable the alerts for this kind of block?

I tried creating a suppression rule, but didn't manage to get it working. Don't know if it is not possible or if I made a mistake.

As Defender for Cloud Apps just creates an Indicator for every app I want to block, I could click every single Indicator and disable the alert there. But that's a few hundred Indicators and we plan to extend the usage.

Can I centrally disable alerts for custom indicators?

Thanks & Cheers

1 Reply

Hi @VolkerRacho,

Here are steps to disable these alerts:

  1. For a tenant-wide disable, navigate to MDE > Defender for Cloud Apps > Discovery > Discovered Apps and set the specific app to "Sanctioned".

  2. To disable alerts for a specific Device Group, go back to the MDE > Defender for Cloud Apps > Discovery > Discovered Apps section, set the app to "Unsanctioned," and when the "Tag as unsanctioned?" dialog box appears, select the specific Device Group.

help.redcanary.com
Manage security alerts - Microsoft Defender for Cloud | Microsoft Learn
Control cloud apps with policies - Microsoft Defender for Cloud Apps | Microsoft Learn

Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.


If the post was useful in other ways, please consider giving it Like.


Kindest regards,


Leon Pavesic
(LinkedIn)