Deny corporate email usage with unsanctioned apps

  • 15 July 2023
  • 3 replies

Badge +7

Hi Netskopers, is it possible to deny employees logging into unsanctioned apps using a corporate email account?  Can see it is possible to permit or deny other activities such as upload/download. Would like permit usage of unsanctioned apps using personal email addresses/accounts but not with corporate email addresses/accounts.

Thank you  


Best answer by sshiflett 19 July 2023, 17:43

View original

3 replies

Userlevel 6
Badge +16

Yes.  This is possible using constraints on activities.  As you noted, this is available on Upload, Download, as well as Logins and other activities.  You will need to figure out the sanctioned apps to allow this login and then block remaining apps via categories or app tags (I.e allow logins with corp credentials to apps with the "sanctioned" tag and block all others).  You can create a User Constraint profile with your corporate domains:

You can then create a policy that blocks any Login activities with these domains to specific apps.  In my policy below I block logins to any Webmail tagged as Unsanctioned.  You could expand this to additional categories such as Cloud Storage and others.  


The exact policy structure will depend heavily on how you've written policies already. 



Yes this is possible... didn't see Sam's reply before and I can't erase mine haha... Sam's smart, listen to him 🙂

Badge +7

Excellent, thank you for the detailed response. Exactly what I was looking for!