Forum Discussion

VTPatsFan2425's avatar
VTPatsFan2425
Copper Contributor
Sep 23, 2021
Solved

Conditional Access Policies, Guest Access and the "Microsoft Invitation Acceptance Portal"

Hello Identity Experts,   We are expanding access to our M365 resources to Guests and as such we are modifying our existing CA policies to provide the appropriate restrictions and controls.  We are...
Access Management
Azure Active Directory (AAD)
Conditional Access
Identity Management
  • BilalelHadd's avatar
    BilalelHadd
    Sep 28, 2021
    I am afraid this won't work, simply because the Microsoft App Access Panel and MyApps portals aren't available as a Cloud App within Conditional Access. There is a user voice vote available for this to be implemented: https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/33689335-add-conditional-access-support-to-microsoft-app-ac

    For now, I would suggest you create a policy and block applications (e.g. Azure Portal) one by one instead of blocking all applications. Also, you can configure Conditional Access App Control If you're afraid guest and external accounts will abuse (print, etc.) protected data.
thijoubertold's avatar
thijoubertold
Iron Contributor
Sep 30, 2021

Hi VTPatsFan2425

 

AFAIK BilalelHadd is right, Conditionnal Access does not support these apps... 

I encountered the same issue for several of my clients. 

 

A workaround we used was simply to ... not use MyApps for the guests (as they were using only Office 365 services).

As we were using custom tool to manage the guests: we change the "inviteRedirectUrl" to avoid the redirection to MyApps. 

But that's not the ideal behavior

 

More info here: 

- https://docs.microsoft.com/en-us/azure/active-directory/external-identities/redemption-experience

- https://docs.microsoft.com/en-us/azure/active-directory/external-identities/invite-internal-users

 

Resources