Suddenly, I'm being redirected and told via splash screen that I'm being monitored. It looks like this
Access to Microsoft SharePoint Online is monitored.
For improved security, your organization allows access to Microsoft SharePoint Online in monitor mode. Access is only available from a web browser. Continue to Microsoft SharePoint Online
Issue: This completely blocks affected users from using custom apps. Any SharePoint REST request is blocked by a 403 Access Denied error. I've poked around the security settings as described in the above linked docs, but there really isn't much detail. It mentions "finding the affected user and disabling monitoring":
To disable monitoring, you have to browse to the Microsoft Cloud App Security page, select the activity log, and then search for the affected users. After you locate the policy, you can either disable the policy or remove the users from the group so that the policy no longer affects them.
I see no option to do this anywhere. At this point I can't even prove this is the direct cause, I'm only assuming because the issue seemed to occur after I've been notified I'm being monitored.
-How can I turn off monitoring and is it the right thing to do?
-Can anyone confirm that a policy being triggered is actually what's blocking my REST requests?