adding azure enterprise apps to cloud app security

Mobile client apps cannot be reliably supported for session policies because it requires that the client be redirected (via 302 redirects) to the session proxy. Many mobile client apps use SSO authentication flows that do not use these redirects, providing no opportunity to point the client app to the reverse proxy. This means that if you want session controls, they should be applied to browser access in the required scenarios alongside blocking the app-based access entirely. Otherwise, the browser experience may lead you to a false presumption of how app-based apps will honor the policy or not.