Block Cloud Apps using Defender for Cloud Apps
This is useful for blocking certain SaaS apps like Dropbox, Otter.ai, Read.ai etc.
Config
From the Defender settings > Endpoints
Have to toggle on "Custom network indicators" and "Microsoft Defender for Cloud Apps"
How to Sanction, Unsanctioned or Monitor Cloud Apps
Sanction = Allow
Unsanctioned = Blocked
Monitored = Blocked but allows user to bypass. Gives warning that it is blocked but they can click allow to bypass.
- Navigate to Defender portal
- Click on "Cloud app catalog".
- You will then be able to see thousands off applications which Microsoft have rated with a risk score. It will display useful information as to why its rated as it is. Information such as has it ever had a data breach, does it support MFA, ISO Accreditations and much more.
- Here is example of a poor one.
- Simply click the Sanction, Unsanctioned or Monitor on the app and it will mark it.
Sanctioned
Unsanctioned
Monitored - Once this is done you can see the blocked apps under indicators from here.
- It can take up to a few hours for the changes to apply but should look something like below.
Example of a monitored app block where it lets the user click "allow"