Forum Discussion
Allow Chrome / Firefox through Conditional Access
Hi All
I hope you are all well.
Anyway, we have rolled out a CA policy that requires users to be on an Intune enrolled and compliant Windows device. So far, so good.
However, a lot of our end users are Front Line Workers who will use browser based Office Web Apps for email etc. The problem is that the CA policy only allows access to M365 resources on Microsoft Edge browser, other browsers such as Chrome, FF get the "you cannot get to there from here" message.
The majority of our end users won't know the difference between browsers and will just use anything, so is there a way to extend the CA policy to Chrome and FireFox?
Info appreciated
You must install the following chrome extension, when using device restrictions in CA policies.
https://chromewebstore.google.com/detail/microsoft-single-sign-on/ppnbnpeolgkicgegkbkbjmhlideopijiWhen you use firefox, you must set specific settings. (the following site's note section)
https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions#supported-browsers
15 Replies
You must install the following chrome extension, when using device restrictions in CA policies.
https://chromewebstore.google.com/detail/microsoft-single-sign-on/ppnbnpeolgkicgegkbkbjmhlideopijiWhen you use firefox, you must set specific settings. (the following site's note section)
https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions#supported-browsers
- Perfect thanks
- With Chrome you can enable cloud auth to support CA. This may help - https://rahuljindalmyit.blogspot.com/2023/05/configure-cloudapauthenabled-to-support.html
I haven’t worked on Firefox in a while but there should be similar for it as well. StuartK73 Hi, as an operating system what do they use? Windows, iOS, Android?
- "we have rolled out a CA policy that requires users to be on an Intune enrolled and compliant Windows device."
Windows devices for now buddyStuartK73 Okay, but do frontline workers also use windows devices?
If you have complete control of the device why would you want to make them use other browsers as well? I would force them to use edge so in addition to limiting management (only 1 browser) you wouldn't have par
