In addition to the Global Response Actions available to all policies, the following two are available for Apps Firewall policies:
Changes the classification of an app automatically. For example, in the Risky Access Scopes policy, any apps with risky scopes that trigger an incident can automatically be classified as Banned.
Revoke App Authorization
Automatically removes the app's authorization so it cannot be used in the domain. Revoking an app through a policy response action is a one-time action.
Not all Apps Firewall policies have the ability to use all of the response actions mentioned above. Here is a break down of the response actions offered in each Apps Firewall policy:
|Policy||Classify App||Delay Next Response Action||Incident Status Update||Notify Admin by Email||Notify End User by Email||Revoke App Authorization|
|New Unclassified Apps||X||X||X||X||X||X|
|Trusted Access Scopes||X||X||X||X||N/A|
|Trusted Apps by Name||default||X||default||X||X||N/A|
|Risky Access Scopes||X||X||X||X||X||X|
|Monitor Under Audit Apps||N/A||defaulted to Dismissed||X||X||N/A|
|Revoke Banned Apps||N/A||defaulted to Resolved||X||X||default|
Updated almost 4 years ago