Conditional Access App Control causes SharePoint issue.

Copper Contributor

After configuring Conditional Access App Control with "Monitor Mode". There are issues in SharePointOnline. 

Whenever I try to move a document using "Move To" in a Document Repository it gives error "Cannot Connect"

1 Reply

@dipen_anbl  Check if the App Access and Session policies are properly configured to allow access to SharePoint Online. Ensure that the app ID for SharePoint (00000003-0000-0ff1-ce00-000000000000) is allowed in the policy.


After verifying the App Access and Session policies, move on to confirming if the user accounts accessing SharePoint are covered by the Conditional Access policies. It's crucial that these policies apply to the target set of users.


Next, review the App Control logs in Azure AD to investigate if access to SharePoint is being blocked due to blacklist rules. Examine the logs for details on rule matches, and consider tweaking the policy filters if necessary.


To further isolate the issue, try disabling App Control policies temporarily and test if the SharePoint problem persists. This step will help confirm whether App Control is the root cause.


Additionally, ensure there are no IP restrictions, Multi-Factor Authentication policies, or other conditional access rules impacting access to SharePoint. Disable these rules one by one to pinpoint and isolate the problem.


If SharePoint works with App Control turned off, but issues appear in Monitor mode, Microsoft recommends reporting the problem on the Microsoft 365 Admin Center under Help > Report a problem.