Defender for Cloud Apps session controls and Chrome


I have recently configured BYOD policies for our org to block downloads from Office 365 web apps on unmanaged devices using conditional access policies and session control policies in Defender for Cloud Apps. Everything works as expected on unmanaged devices. However, on managed-compliant devices, users can currently only use Edge without restrictions. Somehow, the session policies are being applied to Chrome and blocking downloads, regardless of it coming from a compliant device.

 

Does anyone else experience this issue?

3 Replies

@jasonbach To get the details from a device being compliant, you'll need the Windows 10 account extension for Chrome. Otherwise you might not see the correct device status.

 

Conditions in Conditional Access policy - Microsoft Entra | Microsoft Learn

@jasonbach 

 

You need to install a Chrome extension called Windows Accounts. This will save you a lot of trouble, especially if you are implementing conditional access.

 


 

Once installed, you can verify the status under Conditional Access | Sign-in logs in your Azure AD. It should show something like this:

 

josephpogi_3-1679464289066.png

 

Hope this helps.
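The sign-in log check described above can be run over an exported set of sign-in records. This is an added example, not part of the thread: it flags users whose sign-ins from one browser carry no device identity while the same user shows a compliant device from another browser. The field names follow the `deviceDetail` object of the Microsoft Graph `signIn` resource; the sample records, the user names and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records, shaped like Microsoft Graph signIn entries.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@contoso.example",
     "deviceDetail": {"browser": "Edge 111.0.1661", "deviceId": "dev-0001",
                      "isCompliant": True, "isManaged": True}},
    {"userPrincipalName": "alice@contoso.example",
     "deviceDetail": {"browser": "Chrome 111.0.0", "deviceId": "",
                      "isCompliant": False, "isManaged": False}},
    {"userPrincipalName": "Alice@contoso.example",
     "deviceDetail": {"browser": "Chrome 111.0.0", "deviceId": "",
                      "isCompliant": False, "isManaged": False}},
    # Only ever seen without a device identity: likely a real unmanaged device.
    {"userPrincipalName": "bob@contoso.example",
     "deviceDetail": {"browser": "Chrome 110.0.0", "deviceId": "",
                      "isCompliant": False, "isManaged": False}},
    # Chrome that does pass device state, plus Edge: nothing to report.
    {"userPrincipalName": "carol@contoso.example",
     "deviceDetail": {"browser": "Chrome 111.0.0", "deviceId": "dev-0003",
                      "isCompliant": True, "isManaged": True}},
    {"userPrincipalName": "carol@contoso.example",
     "deviceDetail": {"browser": "Edge 111.0.1661", "deviceId": "dev-0003",
                      "isCompliant": True, "isManaged": True}},
]

def browser_family(browser):
    """'Chrome 111.0.0' -> 'chrome'; a missing value becomes 'unknown'."""
    return (browser or "unknown").split(" ")[0].lower()

def find_missing_device_state(signins):
    """Return sorted (user, browser, count) for sign-ins that carried no device
    identity although the same user has a compliant sign-in from another browser."""
    compliant = defaultdict(set)   # user -> browsers that reported a compliant device
    blind = defaultdict(int)       # (user, browser) -> sign-ins without a device id
    for rec in signins:
        dev = rec.get("deviceDetail") or {}
        user = rec["userPrincipalName"].lower()
        family = browser_family(dev.get("browser"))
        if dev.get("deviceId") and dev.get("isCompliant"):
            compliant[user].add(family)
        elif not dev.get("deviceId"):
            blind[(user, family)] += 1
    return sorted((u, b, n) for (u, b), n in blind.items() if compliant[u] - {b})

if __name__ == "__main__":
    for user, browser, count in find_missing_device_state(SAMPLE_SIGNINS):
        print(f"{user}: {count} {browser} sign-in(s) with no device identity")
```

Users it reports are candidates for the missing browser extension; users who only ever appear without a device identity are left out because the device may really be unmanaged.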

Thanks, this worked!