Forum Discussion
Conditional Access Policies, Guest Access and the "Microsoft Invitation Acceptance Portal"
Hello Identity Experts, We are expanding access to our M365 resources to Guests and as such we are modifying our existing CA policies to provide the appropriate restrictions and controls. We are...
- I am afraid this won't work, simply because the Microsoft App Access Panel and MyApps portals aren't available as a Cloud App within Conditional Access. There is a user voice vote available for this to be implemented: https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/33689335-add-conditional-access-support-to-microsoft-app-ac
For now, I would suggest you create a policy and block applications (e.g. Azure Portal) one by one instead of blocking all applications. Also, you can configure Conditional Access App Control If you're afraid guest and external accounts will abuse (print, etc.) protected data.
Ran into this post researching a way to block access to everything except Teams and SPO, running into the same problem. Is the Microsoft App Access Panel still not available to exclude specifically? Picking apps we *think* might need to be blocked isn't really secure or scalable.
Unfortunately, not yet; Microsoft has given the feature request the label "planned." I have no idea when they will release this.
https://feedback.azure.com/d365community/idea/1365df89-c625-ec11-b6e6-000d3a4f0789
https://feedback.azure.com/d365community/idea/1365df89-c625-ec11-b6e6-000d3a4f0789
