Forum Discussion
Defender for Cloud Apps policy targeting in CA
I understand that if the conditional access session access control setting is set to Use Conditional Access App Control > Use custom policy... then every access/session policy in Defender for Cloud Apps will be applied. Are there any plans to allow a single access/session policy or selected policies to be targeted?
2 Replies
- Keith_Fleming
Microsoft
stromnessian it's not necessarily possible to define a policy today based on the CA policy that applied the session but you could also consider using a user group.
So have a specific user group for the CA policy, then define the same user group for a specific session policy that you would like to apply.
Would this cover the scenario in your case?
Thanks for your reply, Keith_Fleming.
Yes, that works, but it seems inefficient, e.g., if you had 10 policies and each one had to be processed every time any in scope CA policy was hit, and a bit more challenging from an admin perspective than if targeting were possible. Just wondered if it was on the roadmap.
