Forum Discussion
Autht cloud app security
Skipster311-1 @R_Gijsbers_Rademakers
Azure AD Sign-in logs are suggesting that the authentication context policy is not applying because of application. In the CA policy, if I select "Authentication Context" I don't get the ability to select an application. So this is a bit confusing.
I've just tested it myself and I wasn't completely right with my earlier statement. I came to the following conclusion.
You will need two separate Conditional Access policies for this to work.
- A policy for the Authentication Context as you created it.
- A policy for the application you want to protect with Use Conditional Access App Control set to custom policy. In this Cornerstone)
Within MCAS you configure the session policy to use step-up authentication with the corresponding authentication context.
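
The two-policy arrangement described in the reply above can be checked against an export of the tenant's Conditional Access policies. This is an added example, not part of the thread; field names follow the Microsoft Graph conditionalAccessPolicy resource, while the context id, app id and policy names are constructed placeholders.

```python
# Added example. Field names follow the Microsoft Graph conditionalAccessPolicy
# resource; the context id, app id and policy names are constructed placeholders.
APP_ID = "00000000-0000-0000-0000-000000000001"  # placeholder for the protected app
CONTEXT_ID = "c1"                                 # placeholder authentication context

NO_CONTEXT_POLICY = "no enabled policy targets the authentication context"
NO_APP_SESSION_POLICY = "no enabled policy sends the app through App Control (custom policy)"

def find_gaps(policies, context_id, app_id):
    """Return the pieces of the two-policy setup missing from an exported policy list."""
    context_ok = app_ok = False
    for policy in policies:
        if policy.get("state") != "enabled":      # skips disabled and report-only
            continue
        apps = (policy.get("conditions") or {}).get("applications") or {}
        if context_id in (apps.get("includeAuthenticationContextClassReferences") or []):
            context_ok = True
        included = apps.get("includeApplications") or []
        excluded = apps.get("excludeApplications") or []
        targets_app = (app_id in included or "All" in included) and app_id not in excluded
        # Graph returns null for sessionControls when no session control is set
        cas = (policy.get("sessionControls") or {}).get("cloudAppSecurity") or {}
        # "mcasConfigured" is the Graph value for "Use custom policy"
        if targets_app and cas.get("isEnabled") and cas.get("cloudAppSecurityType") == "mcasConfigured":
            app_ok = True
    gaps = []
    if not context_ok:
        gaps.append(NO_CONTEXT_POLICY)
    if not app_ok:
        gaps.append(NO_APP_SESSION_POLICY)
    return gaps

# Constructed sample, trimmed to the fields the check reads.
SAMPLE_POLICIES = [
    {"displayName": "Auth context c1", "state": "enabled",
     "conditions": {"applications": {"includeApplications": [],
                                     "includeAuthenticationContextClassReferences": ["c1"]}},
     "sessionControls": None},
    {"displayName": "App via App Control", "state": "enabled",
     "conditions": {"applications": {"includeApplications": [APP_ID]}},
     "sessionControls": {"cloudAppSecurity": {"isEnabled": True,
                                              "cloudAppSecurityType": "mcasConfigured"}}},
]

if __name__ == "__main__":
    for line in find_gaps(SAMPLE_POLICIES, CONTEXT_ID, APP_ID) or ["both policies present"]:
        print(line)
```
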
- Skipster311-1, Aug 09, 2021, Iron Contributor
Interesting, and thank you for testing this in your lab. Creating two CA policies contradicts what the author of this post has done. Scroll down to the "Configuration for MS Cloud App Security and Azure Portal Action" part of the article.
https://securecloud.blog/2021/05/22/deep-diver-azure-ad-conditional-access-authentication-context-setup-for-custom-apps-and-ms-cloud-app-security/
- RGijsbersRademakers, Aug 09, 2021, Iron Contributor
He doesn't explicitly mention it indeed. But if you look at the screenshots near the end of the article, you can see the second policy above the MCAS policy screenshot. Underneath the screenshot he mentions: You also need session policy to be enabled on conditional access targeting apps
- Skipster311-1, Aug 09, 2021, Iron Contributor
Okay, I didn't notice that. Which CA policy should have the "require mfa" and "require compliant device"?