Defender for Cloud Apps policy targeting in CA

Brass Contributor

I understand that if the conditional access session access control setting is set to Use Conditional Access App Control > Use custom policy... then every access/session policy in Defender for Cloud Apps will be applied.  Are there any plans to allow a single access/session policy or selected policies to be targeted?

2 Replies

@stromnessian it's not necessarily possible to define a policy today based on the CA policy that applied the session but you could also consider using a user group.

 

So have a specific user group for the CA policy, then define the same user group for a specific session policy that you would like to apply.

 

Would this cover the scenario in your case?

Thanks for your reply, @Keith_Fleming.

 

Yes, that works, but it seems inefficient, e.g., if you had 10 policies and each one had to be processed every time any in scope CA policy was hit, and a bit more challenging from an admin perspective than if targeting were possible.  Just wondered if it was on the roadmap.