Block SaaS Apps w/ Power Automate + Defender for Endpoint + Defender for Cloud Apps!
Вставка
- Опубліковано 12 лип 2022
- How can you email the SecOps team when a new SaaS app is discovered, AND give them the option to allow or block automatically? Watch to find out...!
Here's the JSON schema I show in the video, special thanks to the individuals that helped me with this!
{
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"AppId": {
"type": "integer"
},
"Name": {
"type": "string"
},
"Domains": {
"type": "array",
"items": {
"type": "string"
}
}
}
} - Наука та технологія
Mind blowing, thanks for the insight!
Cool stuff! Thanks Matt
its valuable! keep them coming .....thanks
Possible to detect maisl send with x amount of cc'd users and athorize/unauthorize sending of the mail? Our organization is looking for this feature due to mail storms and privacy concerns.
Now as the demo discovered both Drift and Slack, how will the response action be? Will it approve both apps? I think having a single mail for every application would be more useful.
You can have a single mail for each discovered application, just edit the PowerAutomate and For Each loop appropriately.
Will this block the Slack desktop app as well?
If the app attempts to connect to the domains that get added as IOCs in MDE, then it will be blocked.