To create inline policies that are meant to coach users away from unsanctioned applications and allow justifications of required use, follow the steps as shown below:
Navigate to Policies > Real time Protection > New Policy > Cloud App Access (or appropriate option as per your requirement).
Under the ‘Destination’ section, select ‘ADD CRITERIA & CONSTRAINTS’ and select the option App Tag and set it to ‘Unsanctioned’.
Under the ‘Profiles & Action’ section, set Action as ‘User Alert’ and select a template that would be used for coaching the user.
Example of User alert:
To view the results of this policy, navigate to Skope IT > Alerts.
Set the filter option ‘Action’ to ‘User Alert’.
To learn more: Real-time Protection Policies