![]() All these browsers will not work in this scenario. Keep in mind that there are also other browsers who use the Mozilla engine, like Tor Browser, Waterfox, and SeaMonkey to name a few. If you configure a conditional access policy enforcing App Enforced Restrictions for example, you will experience these restrictions even when working on a compliant device. Mozilla Firefox isn’t a supported browser when it comes to Conditional Access. And in this case, our test user Ferry was working on a compliant device (you have to take my word for it). As you can see the Conditional Access policy requires a compliant device before access to the resource can be given. When users are using a non-supported configuration, this might reflect as followed in the Azure AD sign-in logging. Currently Microsoft supports the following browsers: Sign-in Logging This all has to do with browser support and configuration, below is an overview of the requirements and what is, and what’s not supported. (see: Extending Conditional Access to Microsoft Cloud App Security using Conditional Access App Control) Browser support Or, MCAS blocks the download of a file, even though the user is working on a compliant device. Some examples I often encounter: End user is working on a compliant device, but cannot download or print files when using the web interface to connect to SharePoint online, this is caused by the App Enforced Restrictions policy being active (see: Limit Access to Outlook Web Access, SharePoint Online and OneDrive using Conditional Access App Enforced Restrictions). ![]() For an overview of my recommended set of Conditional Access policies see: Conditional Access demystified: My recommended default set of policies Therefore you must make sure that your browsers are configured correctly before you implement the Conditional Access policy. The reason I’m doing a more specific article on the subject is because I see a lot of issues when it comes to browser configuration which must be solved if you want to implement Conditional Access and use compliance as a way to grant access the environment.Įven though you are working in the browser on a compliant device, doesn’t necessarily mean that Azure AD can detect that. ![]() This article is about a subject I covered before in my blogpost titled: “ Understanding and governing reauthentication settings in Azure Active Directory“. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |