Conditional Access App Control keeps Bypassing
Hi all,
I’ve set up a Conditional Access policy in Entra ID with the following settings:
Targeted User: me (as a test)
Targeted Resource: Office 365 (I’m interested specifically in SharePoint and OWA)
Session Control: Use Conditional Access App Control > Custom Policy
I’ve then set up two policies in the Defender CAS service, one that prevents downloads and one that prevents Cut/Copy. I’ve not used the templates as I’d like to learn how to create these from scratch anyway.
The targets for both policies in CAS are simply App > Manual Onboarding > Microsoft Online Services. My understanding is that using “Microsoft Online Services” here should basically encompass all services I want. If I go to Settings in Defender, Microsoft Exchange Online and Microsoft SharePoint both show as onboarded and enabled.
When I sign into one of these services, I can see it try to redirect me to the mcas.ms URL, but then it falls back to the original and the controls in my policies are not applied. If I check in the Activity Log, my sign-ins show as “Bypass Session Control”.
Does anyone know what I might be missing?
TIA