Defender for Cloud Apps session controls and Chrome

Question

I have recently configured BYOD policies for our org to block downloads from Office 365 web apps on unmanaged devices using conditional access policies and session control policies in Defender for Cloud Apps. Everything works as expected on unmanaged devices. However, on managed-compliant devices, users can currently only use Edge without restrictions. Somehow, the session policies are being applied to Chrome and blocking downloads, regardless of it coming from a compliant device.

Does anyone else experience this issue?

keith_fleming · Answer

jasonbach&nbsp;to get the details from a device being compliant you'll need the windows 10 account extension for Chrome. Otherwise you might not see the correct device status.
&nbsp;
Conditions in Conditional Access policy - Microsoft Entra | Microsoft Learn

josephdacuma · Answer

jasonbach&nbsp;&nbsp;You need to install a Chrome extension called Windows Accounts. This will save you a lot of trouble specially you are implementing conditional access.&nbsp;&nbsp;&nbsp;&nbsp;Once installed, you can verify the status Conditional Access | Sign-in logs on your Azure AD. It should show something like this:&nbsp;&nbsp;Hope this helps.

jasonbach · Answer

Thanks this worked!

Forum Discussion

Defender for Cloud Apps session controls and Chrome

3 Replies

Resources