Forum Discussion
Alo Press
May 09, 2022 · Iron Contributor
Whitelist apps through Conditional Access?
Hello Techies! TL;DR Goal: I want to block all apps in Conditional Access except ones I have approved. Problem: Not all Microsoft apps are visible in the GUI. What do? The long of it I have p...
NielsScheffers
May 09, 2022 · Iron Contributor
I'm not sure what you're trying to achieve with this. I'm not seeing any *conditional* access (like "if not compliant then grant requiring MFA else block") here. It sounds like you're only trying to configure user access as a whole. Assuming that's what you want to do, then I doubt conditional access is what you need.
For instance, being able to (network) access the admin portals is one thing, but being authorized to do anything is another. That's a case for RBAC, PIM or maybe even some simple, portal-specific setting like "Restrict access to Azure AD administration portal" to block non-admins in AAD.
But, as said, I'm not sure I understand the end goal here. I might be totally misunderstanding you. Could you elaborate a bit?
Alo Press
May 09, 2022 · Iron Contributor
Thanks for the reply Niels!
I think you got the gist of the plan. Regarding RBAC, it would only help if users do not have a license; in my case they do, but we want to limit access from iOS entirely.
Here is an example of the potential policy.
Unfortunately not all needed apps can be whitelisted 😞 (at least via GUI)