This policy enables admins to determine which applications have asked for appropriate scopes of access to the users' data and which are a potential risk. Any selected scopes are considered risky and trigger an incident if a user authorizes and installs an app that requests one of those scopes. Any unselected scopes are deemed appropriate and will not cause incidents for authorized apps with those scopes. The scope categories Full Data Access and Manage User Activity are high risk and are pre-selected by default.
- Navigate to Policies and search for Risky Access Scopes.
- Under Detection Criteria, click Edit.
- Search for a scope category to add to the policy and click Add.
Expand the Scope categories to view the list of scopes grouped into each category. (For a complete list of scope categories per platform, see Access Scopes.) Choose which scopes in each category are to be considered Risky, or mark the checkbox to the left of the category to include all scopes within the category.
Cloudlock recommends using the response action Classify App with this policy to classify apps with risky scopes as Banned. Once these apps have been classified as Banned, the Revoke Banned Apps policy begins its workflow to revoke authorization of Banned apps in the environment.