Forum Discussion
Conditional Access Help
Hi -
Thought this would be easy but it's not. We have a group of 5 temporary employees that need to access one custom built app in our environment. That app utilizes M365 authentication. I setup these users in a security group and want to block all access with the exclusion to this one app. The problem is, if I block Office 365, it does not allow them to login to the custom app. They get an error that blocks them, even though the app itself is excluded. I then exclude the app and Office 365 and it allows the login. This is frustrating because we cannot allow any access to Outlook, Sharepoint, OneDrive, etc. Any advice? When I try to search for just Exchange or Sharepoint by itself, there are no options to select under Cloud Apps.
Kidd_Ip Thanks, but unfortunately it doesn't appear that CA can do it.
I was able to get around some of this by creating a security group and granting a very limited F3 license. The only thing I haven't been able to block is Sharepoint. The user can still navigate to our company page and see a company based document library. I could do major changes to block it, but it shouldn't be that way and I would be nervous that I would block access to those that need it. I am hoping there is something easy. I may just have to go to Powershell and block each user individually to each particular site which is not ideal either.
To restate the problem:
I have a custom built enterprise application and a CA that blocks Office 365. I am unable to login with these accounts to the enterprise application. Is there a particular app that I can exclude that allows this authentication to work but doesn't grant access to Office apps?
