Forum Discussion
Access Policies not blocking existing Office app connections
I'm testing blocking the Office apps on unmanaged devices so users cannot use them to download sensitive data. While I have had success with preventing users from licensing their Office apps or setti...
While investigating this issue I came across this https://samilamppu.com/2021/06/22/cloud-app-security-access-policies-common-use-cases/ from 2021 which says the following:
Native clients interactive sign-on can be seen in MCAS but when they are acquiring refresh-token it’s not visible in MCAS.
Looking at the existing Microsoft docs page for creating Access policies it says under the section, test your policy:
Sign out of all existing sessions before re-authenticating to your apps.
So if Access policies can only restrict interactive logins from client apps, that would explain why existing application sessions arent being restricted.