Mar 06 2024 10:44 AM
I understand that if the conditional access session access control setting is set to Use Conditional Access App Control > Use custom policy... then every access/session policy in Defender for Cloud Apps will be applied. Are there any plans to allow a single access/session policy or selected policies to be targeted?
Mar 06 2024 02:28 PM
@stromnessian it's not necessarily possible to define a policy today based on the CA policy that applied the session but you could also consider using a user group.
So have a specific user group for the CA policy, then define the same user group for a specific session policy that you would like to apply.
Would this cover the scenario in your case?
Mar 07 2024 12:33 AM
Thanks for your reply, @Keith_Fleming.
Yes, that works, but it seems inefficient, e.g., if you had 10 policies and each one had to be processed every time any in scope CA policy was hit, and a bit more challenging from an admin perspective than if targeting were possible. Just wondered if it was on the roadmap.