Cloudapp chrome extension11/6/2022 ![]() ![]() And in this case, our test user Ferry was working on a compliant device (you have to take my word for it). As you can see the Conditional Access policy requires a compliant device before access to the resource can be given. When users are using a non-supported configuration, this might reflect as followed in the Azure AD sign-in logging. Currently Microsoft supports the following browsers: Sign-in Logging This all has to do with browser support and configuration, below is an overview of the requirements and what is, and what’s not supported. ![]() (see: Extending Conditional Access to Microsoft Cloud App Security using Conditional Access App Control) Browser support CLOUDAPP CHROME EXTENSION DOWNLOADOr, MCAS blocks the download of a file, even though the user is working on a compliant device. Some examples I often encounter: End user is working on a compliant device, but cannot download or print files when using the web interface to connect to SharePoint online, this is caused by the App Enforced Restrictions policy being active (see: Limit Access to Outlook Web Access, SharePoint Online and OneDrive using Conditional Access App Enforced Restrictions). For an overview of my recommended set of Conditional Access policies see: Conditional Access demystified: My recommended default set of policies ![]() Therefore you must make sure that your browsers are configured correctly before you implement the Conditional Access policy. The reason I’m doing a more specific article on the subject is because I see a lot of issues when it comes to browser configuration which must be solved if you want to implement Conditional Access and use compliance as a way to grant access the environment.Įven though you are working in the browser on a compliant device, doesn’t necessarily mean that Azure AD can detect that. This article is about a subject I covered before in my blogpost titled: “ Understanding and governing reauthentication settings in Azure Active Directory“. ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |