Forum Discussion
Exception in conditional access policy for "Windows app - macOS"
Hi,
I'm trying to restrict all Enterprise resources to Cloud PCs only and therefore have a CAP in place that restricts access to all apps to Cloud PCs only. Naturally, I have to provide an exception for the Remote Desktop app so that end users can connect from their private endpoints to the Cloud PC.
Here's the problem, though. While I can find an exception for the Windows Remote Desktop app, this exception doesn't apply to macOS, and when looking at the sign-in logs, the policy locks out "Windows App - macOS" with the app-id 63896e48-3d27-4ce2-9968-610b4af62c5d.
Neither "Windows App - macOS" nor 63896e48-3d27-4ce2-9968-610b4af62c5d is findable in the application list for CAP exceptions.
Is there a workaround or will this be made available?
Maxim
- Sreejith_r (Copper Contributor)
It seems that this application isn't currently available to add in the CA policy. Have you tried Windows 365 with the ID 0af06dc6-e4b5-4f28-818e-e78e62d137a5? If that doesn't work, you can create a policy exception for Mac platforms and limit access from specific locations for Mac. This way, you can reduce the maximum exposure.
- maxim6300 (Copper Contributor)
Sreejith_r yes, Windows 365 we have as an exception, as well as "Microsoft Remote Desktop" and "Azure Virtual Desktop".
However, the macOS app is still locked out. The user can only log in through the web browser with this policy in place.
Allowing from macOS defeats the purpose, as the user would be able to access other applications from their Mac as well, which we need to block.
- maxim6300 (Copper Contributor)
I engaged with Microsoft support and we found the solution. You have to use the "Resource" and not the "Application" in the conditional access policy exception.
Looking at the sign-in logs of the blocked attempt, you will see that the Resource is "Windows Cloud Login", and that one can be added to the conditional access policy as an exception.
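
Added example, not part of the thread or Microsoft's own code: a sketch of the log check described in the solution, listing which resource (rather than which client application) a policy blocked for a given app ID. It assumes sign-in records exported in the Microsoft Graph `signIn` shape; the records are constructed, and the policy names and every ID except the two quoted in the thread are placeholders.

```python
import json
from collections import Counter

# appId quoted in the thread for "Windows App - macOS".
WINDOWS_APP_MACOS = "63896e48-3d27-4ce2-9968-610b4af62c5d"

# Constructed sample shaped like Microsoft Graph signIn records. Policy names
# and IDs are placeholders, except the two IDs quoted in the thread.
SAMPLE_SIGNINS = json.loads("""[
 {"appId": "63896e48-3d27-4ce2-9968-610b4af62c5d",
  "resourceDisplayName": "Windows Cloud Login", "resourceId": "RESOURCE-ID-PLACEHOLDER",
  "conditionalAccessStatus": "failure",
  "appliedConditionalAccessPolicies": [
   {"displayName": "PLACEHOLDER Cloud PC only", "result": "failure"},
   {"displayName": "PLACEHOLDER Require MFA", "result": "success"}]},
 {"appId": "63896e48-3d27-4ce2-9968-610b4af62c5d",
  "resourceDisplayName": "Windows Cloud Login", "resourceId": "RESOURCE-ID-PLACEHOLDER",
  "conditionalAccessStatus": "failure",
  "appliedConditionalAccessPolicies": [
   {"displayName": "PLACEHOLDER Cloud PC only", "result": "failure"}]},
 {"appId": "63896e48-3d27-4ce2-9968-610b4af62c5d",
  "resourceDisplayName": "Windows 365", "resourceId": "0af06dc6-e4b5-4f28-818e-e78e62d137a5",
  "conditionalAccessStatus": "success",
  "appliedConditionalAccessPolicies": [
   {"displayName": "PLACEHOLDER Cloud PC only", "result": "notApplied"}]},
 {"appId": "APP-ID-PLACEHOLDER",
  "resourceDisplayName": "Constructed Other Resource", "resourceId": "RESOURCE-ID-PLACEHOLDER-2",
  "conditionalAccessStatus": "failure",
  "appliedConditionalAccessPolicies": [
   {"displayName": "PLACEHOLDER Cloud PC only", "result": "failure"}]}
]""")


def blocked_resources(signins, client_app_id):
    """Count (resource name, resource id, policy) triples that blocked one client app."""
    hits = Counter()
    for s in signins:
        if s.get("appId") != client_app_id or s.get("conditionalAccessStatus") != "failure":
            continue
        for policy in s.get("appliedConditionalAccessPolicies") or []:
            if policy.get("result") == "failure":  # this policy caused the block
                hits[(s.get("resourceDisplayName"), s.get("resourceId"),
                      policy.get("displayName"))] += 1
    return hits


if __name__ == "__main__":
    for (name, rid, policy), n in blocked_resources(SAMPLE_SIGNINS, WINDOWS_APP_MACOS).items():
        print(f"{n}x blocked by '{policy}': resource '{name}' ({rid})")
```

The resource names it reports are the candidates to look for in the policy's target resource exclusions; the client app name in the same log entry is not.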