Unsanctioning an app doesn't block use, but enables you to more easily monitor its use with the Cloud Discovery filters. You can then notify users of the unsanctioned app and suggest an alternative safe app for their use, or generate a block script using the Defender for Cloud Apps APIs to block all unsanctioned apps.
https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#sanctioningunsanctioning-an-app
If you unsanction an app, the next message is shown: "Tag as unsanctioned?
Apps with the Unsanctioned tag will be blocked by Microsoft Defender for Endpoint. Configure the integration settings here".
How does unsanctioning an app which effectively block access to the app give you an insight to which users access it on their device? i dont see how D is the answer to this question. I believe creating a CLOUD APP ACCESS POLICY is what is needed.
Please correct me if i am wrong
Yes B is the answer. Create a Defender for Cloud Apps access policy:
Creating a Defender for Cloud Apps access policy allows you to define conditions and settings to monitor and control access to specific cloud applications, such as Facebook. This approach helps you gain insights into user activities related to Facebook without immediately blocking or unsanctioning the application.
Answer D) From the Microsoft Defender for Cloud Apps portal, unsanction Facebook.
https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#sanctioningunsanctioning-an-app
You can mark a specific risky app as unsanctioned by clicking the three dots at the end of the row. Then select Unsanctioned. Unsanctioning an app doesn't block use, but enables you to more easily monitor its use with the cloud discovery filters.
I'm going B - In response to those saying D because of administrative effort: Why Access Policy Minimizes Administrative Effort:
Automated Monitoring: Once the access policy is set up, it automatically tracks and logs user activity, reducing the need for manual monitoring.
Real-Time Alerts: Access policies can be configured to provide real-time alerts on specific activities, enabling proactive management.
Comprehensive Reporting: Provides detailed reports on user activity, making it easier to identify and analyze usage patterns.
In comparison, unsanctioning Facebook (option D) would involve more ongoing manual effort to monitor and interpret usage data without the same level of automation and control.
o identify which users are accessing Facebook from their devices and browsers while minimizing administrative effort, you should first:
B. Create a Defender for Cloud Apps access policy.
A Defender for Cloud Apps access policy allows you to monitor and control user activities in cloud apps, including identifying access to unsanctioned apps like Facebook. By creating this policy, you can track user access to Facebook and enforce conditional rules if necessary.
B. Create a Defender for Cloud Apps access policy to monitor Facebook access.
This policy will track user activity on Facebook without needing extensive configuration on individual devices.
1. Unsanctioning Facebook (Discovery):
This is the first step to enable monitoring.
Log in to the Microsoft Defender for Cloud Apps portal.
Navigate to Cloud Apps and then Governance.
Locate Facebook in the list of apps.
Click the three dots next to Facebook and select Unsanctioned.
yall are stupid asf. its D. read MS documentation before coming in here and giving wrong answers like little monkeys
https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#sanctioningunsanctioning-an-app
Correct Answer is D:
Sanctioning/unsanctioning an app: You can mark a specific risky app as unsanctioned by clicking the three dots at the end of the row. Then select Unsanctioned. Unsanctioning an app doesn't block use, but enables you to more easily monitor its use with the Cloud Discovery filters. You can then notify users of the unsanctioned app and suggest an alternative safe app for their use, or generate a block script using the Defender for Cloud Apps APIs to block all unsanctioned apps.
https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#sanctioningunsanctioning-an-app
I mean it does say here on the Microsoft page itself that "Unsanctioning an app doesn't block use, but enables you to more easily monitor its use with the Cloud Discovery filters." Therefore I am leaning more to answer D. https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#sanctioningunsanctioning-an-app
Unsanctioning doesn't auto block it, so I don't think you're correct - https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#sanctioningunsanctioning-an-app
such a stupid question. First you can see it anyway dont need to unsanctioned the app. I can add a random Tag too.
If you have MDE Integration, what you normal have if you are using CAS. Then you block unsancitoned apps automaticlly. If you enable network proteciton it will block it in all browser.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
kanag1
Highly Voted 1 year, 7 months agoAlcpt
10 months agoDoinitza
1 year, 1 month agoMacDanorld
Highly Voted 1 year, 3 months agoAlcpt
10 months agoHaerenhal
1 year, 3 months agoYesPlease
Most Recent 2 days, 13 hours agovixxx83
4 months agoLabelfree
4 months agoMatt19
5 months, 1 week agohml_2024
6 months, 1 week agorameshms85
11 months agoklayytech
11 months agoklayytech
11 months agoKRISTINMERIEANN
11 months, 1 week ago337257e
12 months agoSiraf
1 year agojbraxton7
1 year, 1 month agoSneekygeek
1 year, 1 month ago[Removed]
12 months agocpaljchc4
1 year, 1 month agoACSC
1 year, 5 months agoLogitech
1 year, 5 months ago