cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Conditional access app control vs. Conditional access

Skipster311-1
Iron Contributor

‎Aug 02 2021 08:22 AM

‎Aug 02 2021 08:22 AM

Conditional access app control vs. Conditional access

Hello all

 

I'm trying to understand when i would use one vs. the other? On the surface it looks like "Conditional access app control" is used when i want to redirect my 3rd party saml apps to MCAS, and "Conditional access" in cloud app security only applies to the built in O365 apps ? Is this correct ?

2,161 Views
0 Likes
1 Reply
Reply
1 Reply
JaredPoeppelman

‎Dec 06 2021 08:15 AM

‎Dec 06 2021 08:15 AM

Re: Conditional access app control vs. Conditional access

Conditional Access is a feature of Azure Active Directory Premium

Conditional Access App Control is a feature of MDCA.

Conditional Access in Azure AD is similar in functionality to Access Policies in MDCA. They do not proxy the entire session, but rather evaluate access at sign-in or token refresh time. Azure AD does not have a reverse proxy for SaaS apps, like the CAAC session proxy in MDCA.

Generally speaking, you should use Azure AD for CA for scenarios where its features meet your needs and only use CAAC, when necessary. The primary cases for MDC CAAC would be (1) using device certificates to evaluate device trust with access policies, (2) reverse proxying the entire user session through the CAAC session proxy to achieve download/upload controls, or other real-time controls, or (3) doing conditional access for a SAML app that relies on some IDP other than Azure AD.

Hope that helps.
0 Likes
Reply