Microsoft Defender for Endpoint
Integrate MDE with MDCA. This is different from the MDCA integration in MDE Advanced features.
Enforce app access
Warning
Make sure you don't have any unsanctioned apps or are okay with them being blocked before enabling this setting. I usually recommend people enable this setting prior to doing any unsanctioning, even if you don't plan to unsanction some apps. I have seen environments with 100s of unsanctioned apps before that had to be reviewed because apps were tagged without this integration enabled.
Enabling this will block access to unsanctioned cloud apps by using MDE indicators. The indicators will cover all domains associated with the cloud apps, which is usually pretty comprehensive. If you have any apps tagged as monitored, the user will receive a warning and have the option to click through to the cloud app.
Tip
This setting can take 30 minutes to take effect. If it is not working after 30 minutes, make sure you have enabled custom indicators in MDE.
The blocking of cloud apps and the warning messaging only work in Microsoft Edge. If you have enabled Network protection, cloud apps will be blocked in other browsers and in non-browser activities, like in PowerShell.
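An endpoint-side check of the Network protection dependency described above, as an added example that is not part of the original post. The function name `Get-CloudAppBlockCoverage` is hypothetical; it relies on the built-in Defender cmdlets `Get-MpPreference` and `Get-MpComputerStatus` and assumes it is run locally on a Windows device with Microsoft Defender Antivirus.

```powershell
# Added example (hypothetical function name): reports whether unsanctioned-app
# blocks on this device reach beyond Microsoft Edge, based on the local
# Network protection state and the Defender AV settings it depends on.
function Get-CloudAppBlockCoverage {
    [CmdletBinding()]
    param()

    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # EnableNetworkProtection: 0 = Disabled, 1 = Enabled (block), 2 = Audit.
    # A value that was never configured casts to 0 and is reported as Disabled.
    $npMode = switch ([int]$pref.EnableNetworkProtection) {
        1       { 'Block' }
        2       { 'Audit' }
        default { 'Disabled' }
    }

    # Network protection needs Defender Antivirus in active mode with
    # real-time and cloud-delivered protection turned on.
    $gaps = @()
    if ($status.AMRunningMode -ne 'Normal') {
        $gaps += "Defender AV mode is '$($status.AMRunningMode)', not active"
    }
    if (-not $status.RealTimeProtectionEnabled) {
        $gaps += 'Real-time protection is off'
    }
    if ([int]$pref.MAPSReporting -eq 0) {
        $gaps += 'Cloud-delivered protection is off'
    }
    if ($npMode -ne 'Block') {
        $gaps += "Network protection is $npMode"
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        NetworkProtection = $npMode
        BlocksOutsideEdge = ($gaps.Count -eq 0)
        Gaps              = $gaps
    }
}

Get-CloudAppBlockCoverage | Format-List
```

When `BlocksOutsideEdge` is `False`, the `Gaps` list names what keeps the block limited to Microsoft Edge on that device.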
Alerts
MDCA will start sending alerts over to MDE when a user attempts to access unsanctioned cloud apps. Configure the severity of that alert here.
User notification
You can customize both the monitored app warning message and the blocked app message by specifying a URL. You can also specify a bypass period length for monitored apps.
Question
If using a custom URL, can a user still bypass the monitored app warning?