Defender for Cloud Apps session controls and Chrome

Question

I have recently configured BYOD policies for our org to block downloads from Office 365 web apps on unmanaged devices using conditional access policies and https://learn.microsoft.com/en-us/defender-cloud-apps/session-policy-aad Everything works as expected on unmanaged devices. However, on managed-compliant devices, users can currently only use Edge without restrictions. Somehow, the session policies are being applied to Chrome and blocking downloads, regardless of it coming from a compliant device.

Does anyone else experience this issue?

keith_fleming · Answer

jasonbach&nbsp;to get the details from a device being compliant you'll need the windows 10 account extension for Chrome. Otherwise you might not see the correct device status.
&nbsp;
Conditions in Conditional Access policy - Microsoft Entra | Microsoft Learn

josephdacuma · Answer

jasonbach&nbsp;&nbsp;You need to install a Chrome extension called Windows Accounts. This will save you a lot of trouble specially you are implementing conditional access.&nbsp;&nbsp;&nbsp;&nbsp;Once installed, you can verify the status Conditional Access | Sign-in logs on your Azure AD. It should show something like this:&nbsp;&nbsp;Hope this helps.

jasonbach · Answer

Thanks this worked!

Forum Discussion

Defender for Cloud Apps session controls and Chrome

3 Replies