In addition to the Global Response Actions available to all policies, the following two are available for Apps Firewall policies:
Classify App
Changes the classification of an app automatically. For example, in the Risky Access Scopes policy, any apps with risky scopes that trigger an incident can automatically be classified as Banned.
Revoke App Authorization
Automatically removes the app's authorization so it cannot be used in the domain. Revoking an app through a policy response action is a one-time action.
Response Actions by Policy
Not all Apps Firewall policies have the ability to use all of the response actions mentioned above. Here is a break down of the response actions offered in each Apps Firewall policy:
New Unclassified Apps
X
X
X
X
X
X
Trusted Access Scopes
X
X
X
X
N/A
Trusted Apps by Name
default
X
default
X
X
N/A
Risky Access Scopes
X
X
X
X
X
X
Monitor Under Audit Apps
N/A
defaulted to Dismissed
X
X
N/A
Revoke Banned Apps
N/A
defaulted to Resolved
X
X
default
Updated 2 years ago