Windows Information Protection with Enrollment

After recently investigating App Protection policies, I have noticed a large chunk of information missing from Microsoft resources and other blog posts. I recently experienced an issue where network boundaries were not configured correctly, and I had to ensure that all protected applications did not experience any issues accessing corporate resources.

It is recommended to use the following when adding a network boundary.

Type               Name            Value
Cloud Resources    Office 365      portal.office.com|tasks.office.com|protection.office.com|meet.lync.com|teams.microsoft.com
Cloud Resources    Outlook Online  outlook.office.com|outlook.office365.com
Cloud Resources    AppCompat       /*AppCompat*/
Cloud Resources    SharePoint      contoso.sharepoint.com|contoso-my.sharepoint.com|contoso-files.sharepoint.com
Neutral Resources  Neutral         login.windows.net,login.microsoftonline.com
Cloud Resources    Yammer          www.yammer.com|yammer.com|persona.yammer.com
Intune App Protection – Advanced settings

This will provide all the required boundaries relevant to most Microsoft deployments.
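A misconfigured boundary is usually a formatting slip, so the following added example (not part of the original post, and not Microsoft tooling) lints boundary rows before they are pasted into the policy. It assumes the delimiters shown in the table ("|" for Cloud Resources, "," for Neutral Resources); the function name lint_boundary and the sample rows are hypothetical.

```python
import re

# Delimiters as they appear in the table above.
DELIMS = {"Cloud Resources": "|", "Neutral Resources": ","}
APPCOMPAT = "/*AppCompat*/"  # literal string from the table, not a hostname
HOST_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def lint_boundary(btype, name, value, placeholder="contoso"):
    """Return a list of findings for one boundary row (empty list = clean)."""
    delim = DELIMS.get(btype)
    if delim is None:
        return [f"{name}: unknown boundary type {btype!r}"]
    findings = []
    wrong = "," if delim == "|" else "|"
    if wrong in value:
        # In Cloud Resources a comma is only meaningful as a resource,proxy
        # pair, so a comma between two resources needs a manual review.
        findings.append(f"{name}: found {wrong!r}, but {btype} are separated by {delim!r}")
    seen = set()
    for entry in value.split(delim):
        host = entry.strip()
        if host == APPCOMPAT and btype == "Cloud Resources":
            continue
        if not host or host != entry:
            findings.append(f"{name}: empty entry or stray whitespace in {entry!r}")
        if not host or wrong in host:
            continue  # nothing further to check, or already reported above
        if not HOST_RE.match(host):
            findings.append(f"{name}: {host!r} is not a bare hostname")
        if placeholder in host.lower():
            findings.append(f"{name}: {host!r} still uses the {placeholder!r} placeholder")
        if host.lower() in seen:
            findings.append(f"{name}: duplicate entry {host!r}")
        seen.add(host.lower())
    return findings

# Constructed sample: two rows from the table plus two deliberately broken rows.
SAMPLE = [
    ("Cloud Resources", "Outlook Online", "outlook.office.com|outlook.office365.com"),
    ("Cloud Resources", "SharePoint", "contoso.sharepoint.com|contoso-my.sharepoint.com"),
    ("Neutral Resources", "Neutral", "login.windows.net|login.microsoftonline.com"),
    ("Cloud Resources", "Office 365", "https://portal.office.com| tasks.office.com"),
]

if __name__ == "__main__":
    for row in SAMPLE:
        for finding in lint_boundary(*row):
            print(finding)
```

The SharePoint row is flagged because the contoso names in the table stand in for your own tenant name and must be replaced before the policy is deployed.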

Regards
The Author – Blogabout.Cloud

Enabling Conditional Access App Control for featured apps

Cloud App Security offers the ability to leverage Conditional Access for Exchange Online and SharePoint Online, but how do we configure this functionality?

Let’s start with your Azure Portal and browse to Conditional Access -> New Policy

Conditional Access

So, as I previously mentioned, this control only works for Exchange Online and SharePoint Online, so you will need to select:

– Office 365 Exchange Online
– Office 365 SharePoint Online

Cloud apps

Under Session, you need to select Conditional Access App Control and, as you can see below, we only have 3 options:

– Monitor only (Preview)
– Block downloads (Preview)
– Use custom policy…

Session

For the purpose of this post, I am just going to monitor what's happening through Cloud App Security to discover what’s happening within my tenancy.

Once the policy is enabled, sign into Exchange Online or SharePoint Online and you will be welcomed by the message below. This demonstrates that Conditional Access App Control is now in place.

Welcome to Conditional Access App Control

From your Cloud App Security console you will be able to see this activity and all future activities.

Conditional Access App Control

Regards,
The Author – Blogabout.Cloud