Allow access to a sanctioned application based on app tag
To create inline policies based on sanctioned status of an application, follow the steps as shown below:
Navigate to Policies > Real time Protection > New Policy > Cloud App access.
Under the ‘Destination’ section, select the ‘Category’ option. Add the list of categories that should be checked for sanctioned applications.
Under ‘Add Criteria and Constraints’, select the option ‘App tag’ and select the value ‘Sanctioned’.
To learn more: Real-time Protection Policies