Individual Power Apps Identification from 365 Defender?

Hi,

I have configured 365 Defender Settings>Endpoint>Advanced features>Cloud App security.

And cloud app security is being fed from Defender but it has bundled the access to No.5 Canvas Power Apps as one. Is that expected behaviour, is there no way to segregate Power Apps by their App ID?

Thanks, Richard

1 Reply

@Richard Collins 

That often occurs when the URL schemes of the apps are intertwined, because MDCA's App Catalog works based on URLs. If you look at the domain property of the Power Apps app in the catalog, you will see the URL patterns that it considers a match for that app. (Screenshot below.) Cloud app discovery is based on web log data which gives the URL accessed, not the app ID, which is in the identity plane. The result is that if you block an app like Power Apps with MDCA and MDE integration, for example, it will block all access to URLs matching that pattern.

JaredPoeppelman_0-1638808025235.png