To restrict cloud apps running on CLIENT1 (a Windows 10 endpoint) by using Microsoft Defender for Endpoint (MDE), you must integrate Defender for Endpoint with Microsoft Defender for Cloud Apps (formerly Microsoft Cloud App Security) through Cloud Discovery. With the integration in place, apps that are tagged as unsanctioned in Defender for Cloud Apps are pushed to Defender for Endpoint as custom network indicators, and the endpoint's network protection feature blocks the connections.
According to the Microsoft Defender for Cloud Apps documentation, Cloud Discovery uses the network traffic data that Defender for Endpoint collects from onboarded devices to identify and manage shadow IT. The relevant steps are:
1️⃣ Enable the required advanced features in Microsoft Defender for Endpoint (Microsoft 365 Defender portal → Settings → Endpoints → Advanced features).
Turn on the following advanced features:
Microsoft Defender for Cloud Apps (forwards device network telemetry to Cloud Discovery and lets Defender for Cloud Apps send block indicators back to Defender for Endpoint)
Custom network indicators (required so that the domains and URLs of unsanctioned apps can be enforced on the devices)
Network protection must also be running in block mode on the endpoint, because this is the component that actually blocks the connections. Network protection is a Microsoft Defender Antivirus setting deployed through Intune, Group Policy, or Set-MpPreference rather than an advanced-features toggle; in audit mode the unsanctioned traffic is only logged, not stopped. Together, these settings allow Defender for Endpoint to share telemetry and enforce the app restrictions it receives from Defender for Cloud Apps.
2️⃣ Configure Cloud Discovery in Microsoft Defender for Cloud Apps.
In the Defender for Cloud Apps portal (Settings → Cloud Discovery → Microsoft Defender for Endpoint), Cloud Discovery receives continuous reports from onboarded Defender for Endpoint devices; turn on the option to enforce app access so that unsanctioned apps are blocked rather than only reported. Then review the discovered apps and tag them as sanctioned or unsanctioned. Once an app is tagged as unsanctioned, Defender for Cloud Apps creates block indicators for the app's domains and Defender for Endpoint enforces them on all onboarded devices (such as CLIENT1) that have network protection in block mode.
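The portal settings above are the tenant side of the configuration; the device side is that CLIENT1 must be onboarded and must have network protection in block mode, otherwise the indicators arrive but nothing is blocked. The following PowerShell script is an added example, not code from the original page or from Microsoft's documentation. It assumes CLIENT1 has already been onboarded with the Defender for Endpoint onboarding package and that no Intune or Group Policy setting overrides the local Defender Antivirus preference; it puts network protection into block mode, verifies the effective value, and lists recent network protection audit and block events so you can confirm that unsanctioned-app connections are being stopped.

```powershell
# Added example (not from the original page): prepare and verify CLIENT1 so that the
# block indicators pushed by Defender for Cloud Apps are actually enforced.
# Run in an elevated PowerShell session on the onboarded Windows 10 device.

# 1. Confirm the device is onboarded to Defender for Endpoint. The "Sense" service
#    is installed and started by onboarding; without it no telemetry reaches
#    Cloud Discovery and no indicators are delivered to the device.
$sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
if (-not $sense -or $sense.Status -ne 'Running') {
    throw "CLIENT1 is not onboarded to Defender for Endpoint (Sense service missing or stopped)."
}

# 2. Put network protection into block mode.
#    EnableNetworkProtection: 0 = Disabled, 1 = Enabled (block), 2 = AuditMode.
#    Audit mode only logs unsanctioned-app traffic, which does not satisfy the
#    requirement. Intune or Group Policy can deploy the same setting at scale.
Set-MpPreference -EnableNetworkProtection Enabled

# 3. Verify the effective setting (assumption: no policy overrides the local value).
$np = (Get-MpPreference).EnableNetworkProtection
if ($np -ne 1) {
    throw "Network protection is not in block mode (EnableNetworkProtection = $np)."
}
"Network protection is in block mode on $env:COMPUTERNAME."

# 4. Review recent enforcement. Defender Antivirus writes network protection
#    events to its Operational log: event 1126 is a block, event 1125 is an
#    audit-only detection. A 1126 entry for an unsanctioned app's domain confirms
#    that the Cloud Apps indicator is being enforced on this device.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1125, 1126
    StartTime = (Get-Date).AddDays(-1)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ Name = 'Mode';   Expression = { if ($_.Id -eq 1126) { 'Block' } else { 'Audit' } } },
        @{ Name = 'Detail'; Expression = { $_.Message -replace '\s+', ' ' } } |
    Format-Table -AutoSize
```

If step 4 shows only 1125 (audit) events for a domain you expect to be blocked, the device is still in audit mode or a policy is overriding the local setting; if it shows no events at all, check that the app is actually tagged as unsanctioned and that the Custom network indicators feature is enabled in the Defender for Endpoint advanced features.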
This two-part configuration (the Defender for Endpoint advanced features plus network protection in block mode on the devices, and Cloud Discovery configured to enforce app access in Defender for Cloud Apps) ensures that MDE blocks the unsanctioned cloud applications discovered through Cloud App Security telemetry, fulfilling the business requirement that "All Cloud App Security unsanctioned apps must be blocked on the Windows 10 computers by using Microsoft Defender for Endpoint."