![]() ![]() After signing in, users see a message (Figure 2) to let them know their connection is being monitored. You’ll want to target this policy at a test user and sign into an Office 365 app such as OWA. There’s no need to configure any grant controls but under the session section, enable the option to Use Conditional Access App Control as shown in Figure 1: Figure 1: Enable Use Conditional Access App Control in the CA policyįor an app to become available within MDCA, at least one connection must be routed from Conditional Access. The policy can be customized with further conditions such as locations or device states to meet specific requirements. To configure Conditional Access, create a new CA policy to target users (everyone in the tenant or just a selected set) and the app you want to control (in this case, Office 365). Once the app supports integrated authentication with Azure AD, it becomes available in Conditional Access to route to MDCA. ![]() For Office 365 this already happens, but any third-party apps (for example Dropbox or Salesforce) must be set up for Azure AD SSO. ![]() To leverage app control, an app must authenticate via Azure AD. Keep in mind that app control only works for web sessions, so if you want to ensure your cloud apps are secured, you might want to block desktop and mobile apps or manage them by using Endpoint Manager or other means. Because connections are proxied, rather than direct to the app, the policies defined can control – at a granular level – the functionality delivered to the end user. MDCA can be purchased as a separate subscription or as part of Enterprise Mobility + Security E5 or Microsoft 365 E5.Ĭonditional Access App Control works by proxying user connections to cloud apps (provided Azure AD is used for authentication) through the MDCA service, and then monitoring connections and applying policies to user sessions in real time.
0 Comments
Leave a Reply. |