Forum Discussion
HidMov
Oct 02, 2024 | Iron Contributor
Conditional access policy not recognised
Hello everyone, We're evaluating Cloud Apps session/conditional access/session policies but have hit a weird snag. We have created a conditional access policy in Entra ID with session control ...
josequintino
Oct 02, 2024 | MCT
Hello HidMov,
The issue you’re experiencing is likely due to a synchronization delay or configuration misalignment between Entra ID Conditional Access and the Cloud App Security portal. When creating Conditional Access policies, it’s important to ensure that they have the appropriate session control settings enabled, specifically the Use Conditional Access App Control option. If using the Monitor Only (Preview) mode, there may be limitations or inconsistencies, as preview features can sometimes behave differently. It would be advisable to switch the session control to a more stable setting like Block or Monitor and Enforce to see if this resolves the problem.
Additionally, verify that the integration between Entra ID and Cloud App Security is correctly configured by navigating to the Defender for Cloud Apps portal and checking the integration status under Settings - Conditional Access App Control. If the status is not connected or shows any errors, re-establish the connection. Also, check if the targeted applications in your Conditional Access policies match those you’re trying to control through Cloud App Security, as a mismatch can cause policies to not be recognized. Since you also mentioned using a custom policy configuration, ensure that the newly created policies are correctly targeting the users and applications for which you want to enforce session controls.
If the issue persists, try creating a fresh Conditional Access policy, assigning it to a different test user, and seeing if it is recognized by Cloud App Security. If none of these steps resolve the issue, there may be a backend synchronization problem or a bug in the current implementation of these features, and opening a support case with Microsoft would be recommended for further investigation.
Kind regards.
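To make the first two checks in the reply above repeatable (is the session control really set to "Use Conditional Access App Control", and which users and apps does each policy actually target), here is an added PowerShell script using the Microsoft Graph SDK. It is not from the thread or from Microsoft; it assumes the Microsoft.Graph.Identity.SignIns module is installed and that the signed-in account holds Policy.Read.All. The Graph property names (SessionControls.CloudAppSecurity.IsEnabled, CloudAppSecurityType with the values mcasConfigured, monitorOnly and blockDownloads, and the policy State values) are the documented conditionalAccessPolicy schema.

```powershell
# Added example (not code from the original thread): list every Entra ID
# Conditional Access policy that routes sessions to Defender for Cloud Apps
# and flag the ones that cannot be picked up because they are not enforced.
# Assumes: Microsoft.Graph.Identity.SignIns installed, caller has Policy.Read.All.
Connect-MgGraph -Scopes "Policy.Read.All" -NoWelcome

$policies = Get-MgIdentityConditionalAccessPolicy -All

$report = foreach ($p in $policies) {
    $cas = $p.SessionControls.CloudAppSecurity

    # Policies without the "Use Conditional Access App Control" session control
    # are invisible to Defender for Cloud Apps by design, so skip them here.
    if (-not $cas -or -not $cas.IsEnabled) { continue }

    # cloudAppSecurityType: mcasConfigured = "Use custom policy" (defined in the
    # Defender portal), monitorOnly = Monitor only, blockDownloads = Block downloads.
    $mode = $cas.CloudAppSecurityType

    # A report-only or disabled policy is never enforced, so the Defender portal
    # will not treat it as an active Conditional Access App Control policy.
    $warning = switch ($p.State) {
        'enabled'                           { '' }
        'enabledForReportingButNotEnforced' { 'REPORT-ONLY: session control is not enforced' }
        default                             { "state=$($p.State): not enforced" }
    }

    [pscustomobject]@{
        Policy  = $p.DisplayName
        State   = $p.State
        Mode    = $mode
        Users   = ($p.Conditions.Users.IncludeUsers -join ',')
        Groups  = ($p.Conditions.Users.IncludeGroups -join ',')
        Apps    = ($p.Conditions.Applications.IncludeApplications -join ',')
        Warning = $warning
    }
}

$report | Format-Table -AutoSize
```

Compare the Apps column (application IDs, or the literal "All") against the apps you are onboarding in the Defender for Cloud Apps portal, and the Users/Groups columns against the test user you sign in with; a policy that lists neither the test user nor the app, or that carries a Warning, will not be recognised no matter how the portal side is configured.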
HidMov
Oct 02, 2024 | Iron Contributor
Thanks josequintino - I've run through everything and it still looks like it should be set up correctly, but still not seeing that a CA is configured. I've raised a ticket with MS who can hopefully give something a kick in the backend.