MDCA(MCAS) API - Get list of sanctioned/unsanctioned apps with app name included

Daniel Birrell 41 Reputation points

Hi All,

I am looking at automating a task that we are currently performing manually for a client.

We utilise MDCA and the client receives an extract from the MDCA portal showing all sanctioned/unsanctioned apps for the past 30 days.

We want to automate this from the relevant API to Azure container storage via a runbook. I have successfully achieved this with lots of other data from various API's.

So far I have been able to get a 'count' of sanctioned and unsanctioned apps using the following URI


With this I see the following response

"data": [


  "id": "Sanctioned",       

  "count": 4



  "id": "Unsanctioned",

  "count": 1



  "id": "None",

  "count": 284



There does not seem to be a name property here for me to query.

I have been able to query and app discovery policy using the following URI


That produces the following response

_id : 65fb43f6800591865cb4808b

enabled : True

templateId :

enableAlerts : True

alertDailyLimit : 5

alertSeverity : {0, LOW}

alertEmailRecipients : {}

useSpecificStreams : False

streamIds :

thresholds :

score : @{min=1; max=10; showUnassessed=True}

selectedHq : {}

selectedDc : {}

consoleFilters : {}

isSanctioned : False

isUnsanctioned : False

isMonitored : False

isRestricted : False

hasCustomTags : False

chosenCustomTags : {}

policyType : NEW_SERVICE

name : test

dbQuery : {"active": true}

lastModified : 1710965750177.6

lastUserModified : 1710965750177.6

stories : {4}

msFlowCheckboxChecked : False

msFlowId :

tagFilter :

actions :

_tid : 95075413

Again though still no property for app named etc.

Has anyone been able to get this info from the relevant API? The documentation is lacking.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,515 questions
Microsoft Defender for Cloud Apps
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
102 questions
0 comments No comments
{count} votes