Applies to: Microsoft Cloud App Security
Govern discovered apps
After you have reviewed the list of discovered apps in your environment, you can secure your environment against unwanted app use in the following ways.
Sanctioning/unsanctioning an app
You can unsanction a specific risky app by clicking the three dots at the end of the row and selecting Unsanction. Unsanctioning an app doesn't block use, but enables you to more easily monitor its use with the Cloud Discovery filters. You can then notify users of the app that it has been unsanctioned and suggest an alternative, safe app for their use.
If you have a list of apps you want to sanction or unsanction, you can use the checkbox to select all the apps you want to manage, and then select the action.
To query a list of unsanctioned apps, you can generate a block script using the Cloud App Security APIs.
Export a block script to govern discovered apps
Cloud App Security enables you to block access to unsanctioned apps by leveraging your existing on-prem security appliances. Generate a dedicated block script and import it to your appliance. This solution does not require redirection of all of the organization's web traffic to a proxy.
In the Cloud Discovery dashboard, tag any apps you want to block as Unsanctioned.
In the title bar, click on the three dots and select Generate block script....
In Generate block script, select the appliance you want to generate the block script for.
Then, click the Generate script button. This will create a block script for all your unsanctioned apps. By default, the file will be named with the date on which it was exported and the appliance type you selected, for example 2017-02-19_CAS_Fortigate_block_script.txt
Import the file created to your appliance.