Summary

Blocking cloud applications for users and/or groups. This is something organizations want to allow say Dropbox or Netflix for a set of users.

Prerequisites

• Conditional Access Application Control
• Import Entra Groups into Cloud Apps

Steps to block cloud applications

1. Navigate to Defender XDR
2. Navigate to Cloud Apps > Policies > Policy Management > Create Policy > Access Policy
3. Give your policy a name for example "Block Access to app for users/groups"
4. Delete Device under "Activities matching all of the following" and add User > Name or From Group > equals > "The user or group you want to block"      Note: Alternatively: You can block this for everyone except for a Group of users. This would be like blocking Netflix for everyone except for Netflix_Allow_Group.
5. Under Actions select Block.

• Note: You can add a custom message if you like.

6. I would strongly recommend turning off Alerts for this policy so you are not spammed with alerts that you would just have to close. You can do reporting data in Advance Hunting if you want to see the data.

7. Save Policy

• Note the policy will take effect next time you close the sessions and re-establish a connection. It will NOT apply to current sessions.