Conditional access app control differences

Frequent Contributor



I have a bunch of saml enterprise apps that have been added to Azure enterprise applications. Azure is the IDP for  these apps. If i create a CA policy and add for example the "Docusign" app to "Use Conditional access app control" and select "Monitor" , after logging into the app i can now see the app in "Connected apps" in cloud app security. My question is what is the difference between adding "Docusign" using the wizard below vs. adding the app using a CA policy ?




2 Replies
best response confirmed by Skipster311-1 (Frequent Contributor)
There should be no difference. It’s just another wizard to add an app. If it’s however already integrated using the enterprise apps gallery in Azure AD you’re good to go.
Yes, all my saml apps are already added to Azure enterprise apps, so based on your comment it appears the correct path for adding these apps to cloud app security is to use CA policy? If my saml apps were not already added to Azure enterprise apps would i then use the "add a SAML application with your identity provider" method ? just trying to understand the different use cases.