How to setup Defender for Cloud Apps Session Control

Рет қаралды 4,318

Doug Does Tech

Күн бұрын

Пікірлер: 18

@danaknox3395 Ай бұрын

Would love if you covered using the managed Edge browser feature! Great job on the content!

@slartibartfastlunkwill5790 6 ай бұрын

Good to see you're back to making videos.

@lasolution365 6 ай бұрын

Thank you very much for these videos, it has been really helpful. You are one of the best instructor I watch. Thanks again.

@DougDoesTech 6 ай бұрын

Hey so glad it was helpful! and thank you for the compliment!

@aadilkarolia 5 ай бұрын

Thank you for this video, it was really helpful. I was struggling to find an end-to-end guide in a single video/article. Appreciate this 🙂

@atulpathare2775 4 ай бұрын

Thanks a bunch for this Video, Really you explain very well

@NDSLAB 4 ай бұрын

Good Stuff! Keep doing all the MS Security stuff.

@sielfis9601 Ай бұрын

Thank you for this video, it really helpful. But i have questioned of Block Downloads, on section Files matching all of the following that have sensitivity labels filter. Is that filter to specific prevent user to block download files that applied those sensitivity labels?

@angelcardenas4266 6 ай бұрын

Me fue de mucha utilidad, gracias! Nuevo suscriptor

@SA-hu9sp 4 ай бұрын

would this work for apps like Slack or Google Workspace? for example, if I’m trying to restrict a non compliant device (managed via intune) from being able to access corp apps like the ones mentioned + 365 apps, are session policies or access control policies the solution?

@DougDoesTech 4 ай бұрын

Yes it would work for slack and google workspace. For that use case if you are using defender for cloud apps use the access policy. As that will cover the largest scenarios for those.(slack thick client) session policy would only work on web access. However, the best way to handle this is probably a ca policy that requires the device to be compliant. Look up my Secure Endpoint video on CA. May give you some ideas.

@kjhgliuguiug 4 ай бұрын

I haven't been able to get Device Exclusions to work in the CA policy. When trying to exclude Compliant devices, specifically, the Conditional Access App Control policy is applied regardless. As a result, I'm getting stumped trying to allow downloads from Exchange Online on compliant devices. We're not hybrid and it's looking the only solution is going to be with certificates. Have you seen this issue?

@DougDoesTech 4 ай бұрын

If you are using chome make sure you have the Microsoft sso extension installed. Also make sure you are signed into the machine as an entra if user.(not a local machine user) if none of those work check the dsregcmd status.

@ehabgalal9181 6 ай бұрын

Hi, What is the value of adding the admin user in onboarding page ? I don’t have one configured and I was able to onboarding the app

@DougDoesTech 6 ай бұрын

Many times you don’t need it. But if something doesn’t go right or work you have some of the diagnostic tools you need to fix the app. learn.microsoft.com/en-us/defender-cloud-apps/proxy-deployment-any-app

@ehabgalal9181 6 ай бұрын

@@DougDoesTech Thank you for your clarification. One more point please We have custom mobile app that using azure ad for authentication. We have tried to onboard it to MCAS but it seems it didn’t So, is the MCAS support only web not mobile app

@DougDoesTech 6 ай бұрын

As far as I know session policy’s like blocking download can only be applied to web based sessions. You can use access policy to control access to mobile and desktop apps. But it won’t do the block download type controls.