Forum Discussion

richrico's avatar
richrico
Copper Contributor
Oct 29, 2021

BYPASS SESSION CONTROL

I am testing a real-time content inspection policy (Block upload) in conditional access app control. The policy is setup to block the upload of any files containing an SSN into a browser session app. The problem is the policy fails to block the upload although it logs a match anytime I try uploading a file into the app. I have tried with both Microsoft edge and Google chrome. Below is a screen shot. I will like to know what "Bypass session control" also means since that is what I suspect might be the clue to resolving the issue.

 

 

  • Jonhed's avatar
    Jonhed
    Steel Contributor

    richrico

    What does your policy look like?

    Also, is the application onboarded for session controls in MCAS? 

    • richrico's avatar
      richrico
      Copper Contributor

      Never mind, I found a solution to the problem. The session is being bypassed because the app is using an Oauth code login flow. Hence enabling "Treat access token and code requests as app logins" on the configuration page of the app rectified the issue. 

       

       

      Jonhed 

    • richrico's avatar
      richrico
      Copper Contributor

       

      I first used the template (Block upload based on real-time content inspection) and then created it from scratch. Both had the same result (didn't block the upload). And yes, the application is perfectly onboarded (shows connected) in MCAS

       

       

      Jonhed 

Resources