Valid Client Certificate Policy Blocking Inconsistent
I have all Office365 traffic passing through Cloud Apps via a Conditional Access policy that targets all users, and I want to use valid client certificate to determine whether a device is managed or unmanaged. I tried ‘Hybrid AD Joined’ but no devices that perform a download action are tagged as such.
I’ve created a session policy to block downloading sensitive labelled files via the web browser from Exchange/SharePoint/OneDrive. If I open a test labelled document in Word Online, click Save As and ‘Download a Copy’, I get the block message. If I navigate to OneDrive/My Files in the web browser, click on the 3 dots next to the same test file and click download, the file successfully downloads.
I’ve tried testing on an unmanaged device with Firefox and a managed device with Edge, with the same results.
Can anyone explain why I am getting different outcomes for what is effectively the same action?
Thanks.
I have all Office365 traffic passing through Cloud Apps via a Conditional Access policy that targets all users, and I want to use valid client certificate to determine whether a device is managed or unmanaged. I tried ‘Hybrid AD Joined’ but no devices that perform a download action are tagged as such. I’ve created a session policy to block downloading sensitive labelled files via the web browser from Exchange/SharePoint/OneDrive. If I open a test labelled document in Word Online, click Save As and ‘Download a Copy’, I get the block message. If I navigate to OneDrive/My Files in the web browser, click on the 3 dots next to the same test file and click download, the file successfully downloads. I’ve tried testing on an unmanaged device with Firefox and a managed device with Edge, with the same results. Can anyone explain why I am getting different outcomes for what is effectively the same action? Thanks. Read More