Summary

These reports will export the sanctioned and unsanctioned domains in Defender for Cloud Apps. I cheated a little and used the generate block script in Zscaler format to get these files as it is the only current way to do this.

Sample of output from Sanctioned Report:

Sample of output from unsanctioned Report:

Prerequisites

• Defender for Cloud Apps Token

Note: Please see the screenshot below to generate API Token for Cloud Apps

• Tenant Name
• Tenant Region

Note: The API is where you find the Tenant Name and Region. Please see screenshot below

Script files:

• MDA-UnsanctionedApps
• MDA-SanctionedApps

References

• api-discovery-script