Share via

XDR - Cloud App Catalog - Mark Multiple Apps as Unsanctioned

viri4to 10 Reputation points
2025-10-02T17:03:20.74+00:00

Hi,

I am reviewing the complete Cloud Apps catalog that Microsoft maintains, which allows apps to be marked as sanctioned or unsanctioned. I would like, either via API or another method, to provide a list of apps (by name) and have them tagged or directly marked as unsanctioned.

This functionality would be useful for me to block a list of RMM tools obtained from lolrmm.io.

Is there a way to pass a list of apps to Defender for Cloud Apps and have them automatically tagged or marked as unsanctioned?

Thanks

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud Apps
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jose Benjamin Solis Nolasco 6,256 Reputation points
    2025-10-03T12:51:09.6566667+00:00

    Hello Welcome to Microsoft Q&A,

    Well, there's two way I like to do it.

    1. Manual Tagging via Portal

    Navigate to Microsoft Defender for Cloud Apps portal.

    Go to Discovered Apps under Cloud Discovery.

    Use filters or search to locate apps (e.g., RMM tools from lolrmm.io).

    Select multiple apps and mark them as unsanctioned.

    This triggers integration with Microsoft Defender for Endpoint to block access via endpoint policies.

    1. Governance via Microsoft Defender for Endpoint
    • If Defender for Endpoint is integrated, unsanctioned apps can be blocked at the device level.
    • You can automate this using Endpoint DLP policies or custom indicators.

    😊 If my answer helped you resolve your issue, please consider marking it as the correct answer. This helps others in the community find solutions more easily. Thanks!

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.