Aug 17 2024 08:21 AM
Hi all,
I've setup a Conditional Access policy in Entra ID with the following settings:
I've then setup two policies in the Defender CAS service, one that prevents downloads and one that prevents Cut/Copy. I've not used the templates as I'd like to learn how to create these from scratch anyway.
The targets for both policies in CAS are simply App > Manual Onboarding > Microsoft Online Services. My understanding is that using "Microsoft Online Services" here should basically encompass all services I want. If I go to Settings in Defender Microsoft Exchange Online and Microsoft SharePoint both show as onboarded and enabled.
When I sign into one of these services, I can see it try and redirect me to the mcas.ms URL but then falls back to the original and the controls in my policies are not applied. If I check in the Activity Log my sign-ins show as "Bypass Session Control".
Does anyone know what I might be missing?
TIA
Aug 18 2024 12:19 AM