Forum Discussion
Workplace by Facebook session control not enforced
You should now be able to access the Edit App. The feature was rolled out with the new Any App Support for Session Control!
strav970 Would you be able to confirm the following?
1. In the Azure AD Conditional Access Policy, check that Workplace by Facebook is selected as a Cloud App
2. In the MCAS Session Policy, if you have App Selected in the filter, check that Workplace by Facebook is added
3. In the MCAS Confirm that Session Control is enabled for Workplace by Facebook
Thank you very much Anisha for your feedback.
Indeed we do have all those configurations in place, but still can’t accomplish session control.This is a screenshot from our lab tenant but we get same behavior in production.
I’m also attaching a fiddler trace in case you want to review.
I’m suspecting of ReplyURL and SAML configuration from Workplace, since they starting to change their URLs to my.workplace.com, but I don’t have enough evidence to justify since it doesn’t seem obvious to me how this would affect MCAS.
SP Initiated is working ok, but IdpInit is throwing error from Workplace side, nonetheless its stated in MS Docs that SP Init is only support.
Thanks again for your help.strav970
> I’m suspecting of ReplyURL and SAML configuration from Workplace, since they starting to change their URLs to my.workplace.com.
In this case, you can add in a User Defined Domain within the settings of the application:1. Navigate to Conditional Access Control Apps
2. Click the 3 Dots to the right and select Edit App
3. Select View App Domains to see what domains MCAS recognizes (in this case my.workplace.com is not categorized)
4. Add in my.workplace.com into the User-designed domains textbox to associate the domainThanks Anisha Gupta
I cant seem to find the Edit App option for any of my Session Controlled Apps:
These Apps are integrated through the Azure AD gallery.
Can you think of a reason why?
Thanks again for your help.
