Block Access to Unsanctioned Apps with MDATP and MCAS [EN]

News Informatique

Block Access to Unsanctioned Apps with MDATP and MCAS [EN]

This new feature leverages Microsoft Defender ATP network protection in block mode ensuring the protections are in place wherever the device’s location.

Prerequisites

Integration

In Microsoft Defender Security Center under Settings > Advanced features, enable Microsoft Cloud App Security integration:

clipboard_image_2.png

In Microsoft Defender Security Center under Settings > Advanced features, enable Custom network indicators:

clipboard_image_3.png

In the Microsoft Cloud App Security portal under Settings > Microsoft Defender ATP, mark the checkbox to enable blocking of endpoint access to cloud apps marked as unsanctioned in Cloud App Security:

clipboard_image_4.png

Result

By tagging apps in Cloud App Security as unsanctioned, those risky app domains are then pushed to Microsoft Defender ATP as custom network indicators (it can take 2 hours)

This is a single-click control that can significantly improve security posture and save time.

clipboard_image_0.png

The corresponding URL/Domains Indicators will appear in the “Microsoft Defender ATP Indicators” setting page under URLs/Domains tab.

clipboard_image_0.png

When the user next attempts to access the unsanctioned app, they will be blocked by Windows Defender SmartScreen, and will not able to access the requested cloud resource.

clipboard_image_1.png

Note

  • It takes up to two hours after you tag an app as Unsanctioned for app domains to propagate to endpoint devices.
  • By default, apps and domains marked as Unsanctioned in Cloud App Security, will be blocked for all endpoint devices in the organization.
  • Currently, full URLs are not supported for unsanctioned apps. Therefore, when unsanctioning apps configured with full URLs, they are not propagated to Microsoft Defender ATP and will not be blocked. For example, google.com/drive is not supported, while drive.google.com is supported.
  • In-browser notifications may vary between different browsers.

 

0 28 January 2020
AzureMCASMDE

No Comments

Add your comment

Thibault CHÂTIRON

Expert Sécurité

À propos de moi

Follow Blog via Email

Enter your email address to follow this blog and receive notifications of new posts

Categories
AADConnect AIP Application Guard Azure Azure ATP Blockchain Conditional Access Copilot Delve DLP eDiscovery EntraID ethereum Exchange Online Graph API Guest Hello For Business Information barriers Insider Risk Management Intune MCAS MDE MDI MDO MFA Microsoft 365 Microsoft Threat Protection Non classé OneDrive Passwordless Prim'X Purview Sentinel SharePoint Online Solidity SSPR Windows Zed
Recent Posts
January 2020
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  
Categories
Archives

©  2024 Thibault Chatiron