Allow access to a sanctioned instance of a supported corporate app
To create inline policies based on sanctioned status of an application instance, follow the steps as shown below:
Navigate to Policies > Real time Protection > New Policy > Cloud App access.
Under the 'Destination' section, select App Instance. Options selected here will apply in the policy being created.
Provide the instance name that would appear as an option to select from.
To learn more: Real-time Protection Policies