Hello @LM-5132
There is no logical mapping between a company name and a domain.
As such, you would need a 'research step' of some method in order to identify the domain.
Defender for Cloud Apps contains a library of many companies and their web sites, so it may be possible to use this (or some other tool) to match companies to domains.
Once you've performed the match, you can flag these organizations as 'unsanctioned' and then perform blocking at the endpoint based on that tag.
Here are some steps related to the above suggestions.
- Use Cloud Discovery to identify apps
Go to Defender for Cloud Apps portal > Discover > Cloud Discovery dashboard.
Upload or use automatic log collection (from firewall, Defender for Endpoint, etc.).
Filter apps using the Company name field (this supports partial matches).
Example: search for Contains: Zoom
to find all apps with "Zoom" in the company name.
- Tag Apps as Unsanctioned
Select all matching apps.
Click Tag > Choose "Unsanctioned".
- Integrate with Defender for Endpoint (MDE) or Firewall
To block these apps on endpoint:
Go to Settings > Microsoft Defender for Endpoint in Defender for Cloud Apps.
Ensure integration is enabled.
Once apps are tagged as Unsanctioned, MDE will block HTTP/HTTPS traffic to those apps automatically (on supported browsers).
Note: Unsanctioned apps are blocked based on hostname/IP, not company name. So this method depends on the app matching being comprehensive.
- Use Cloud Discovery to identify apps
Go to Defender for Cloud Apps portal > Discover > Cloud Discovery dashboard.
Upload or use automatic log collection (from firewall, Defender for Endpoint, etc.).
Filter apps using the Company name field (this supports partial matches).
Example: search for Contains: Zoom
to find all apps with "Zoom" in the company name.
- Tag Apps as Unsanctioned
Select all matching apps.
Click Tag > Choose "Unsanctioned".
- Integrate with Defender for Endpoint (MDE) or Firewall
To block these apps on endpoint:
Go to Settings > Microsoft Defender for Endpoint in Defender for Cloud Apps.
Ensure integration is enabled.
Once apps are tagged as Unsanctioned, MDE will block HTTP/HTTPS traffic to those apps automatically (on supported browsers).
Note: Unsanctioned apps are blocked based on hostname/IP, not company name. So this method depends on the app matching being comprehensive.