How to block access to Sign on (O365 Cloud Apps Exchange, SharePoint, Teams) while on Private VPN or anonymous Proxy

Bearded Techie 0 Reputation points
2025-05-13T19:49:04.3233333+00:00

I am attempting to set up a Conditional Access policy that will block access to all Microsoft services if the users are utilizing any of the unsanctioned VPN services in Windows Defender Cloud App Catalog.

The policies in Defender seem to only create a notification.

I was following along with this article from Tatu Seppala https://www.linkedin.com/pulse/blocking-sign-ins-from-tor-other-anonymous-proxies-365-tatu-sepp%C3%A4l%C3%A4

The idea is Conditional Access App Control and Defender for Cloud App Access Policy. The problem is that when I create the Access Control policy, I get an error that says I do not have any apps deployed.

So what is the best way to stop access to all of my Office 365 services if a user is using a private VPN service like ExpressVPN, NordVPN, or any other Anonymous Proxy service when I don't have an app to deploy?

For reference: Azure, Intune, Entra, Defender, and Defender with Cloud Apps are all in play. We already have GeoIP locations blocked so anyone outside of the country fails to get access, unless they have an exception or a private VPN service in play. We need to stop the VPN service unless it is the one our company provides.

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud Apps