Skip to main content

Blocking access to Cloud apps by integrating Microsoft Cloud App Security with Microsoft Defender Advanced Threat Protection

Microsoft has quietly introduced the option to automatically block connections to unsanctioned cloud apps from the Microsoft Cloud App Security (MCAS) console. This is accomplished by integrating MCAS with Microsoft Defender Advanced Threat Protection (MDATP).

Based on the information available in Cloud App Security, the app’s domains are used to create domain indicators in the Microsoft Defender ATP portal. Within Windows Defender the Exploit Guard Network Policy option is used to block the access to the URLs. This will eventually result in the following notification sent to the user.

Windows 10 Notification

In this blog post I will explain how to setup this functionality when Microsoft Intune is used and what the behavior is within Windows 10. This assumes that you are licensed for both MCAS and MDATP, in my case by using a Microsoft365 E5 license.

Read More

Extending Conditional Access to Microsoft Cloud App Security using Conditional Access App Control

In my blog article series on Conditional Access Demystied I mentioned that Conditional Access can be used to route sessions toward Microsoft Cloud App Security (MCAS). In this article I will go into more detail on what MCAS is, and how to setup Conditional Access App Control.

Disclaimer: This article discusses the full option MCAS product, there are some other flavors providing partial functionality like Office 365 Cloud App Security and Cloud App Discovery (CAD). For information about licensing, see the Microsoft Cloud App Security licensing datasheet.

What is Microsoft Cloud App Security (MCAS)?

Read More