Defender for Cloud Apps session controls and Chrome

jasonbach · ‎Mar 21 2023

I have recently configured BYOD policies for our org to block downloads from Office 365 web apps on unmanaged devices using conditional access policies and session control policies in Defender for Cloud Apps. Everything works as expected on unmanaged devices. However, on managed-compliant devices, users can currently only use Edge without restrictions. Somehow, the session policies are being applied to Chrome and blocking downloads, regardless of it coming from a compliant device.

Does anyone else experience this issue?

Keith_Fleming · ‎Mar 21 2023

@jasonbach to get the details from a device being compliant you'll need the windows 10 account extension for Chrome. Otherwise you might not see the correct device status.

Conditions in Conditional Access policy - Microsoft Entra | Microsoft Learn

josephdacuma · ‎Mar 21 2023

@jasonbach

You need to install a Chrome extension called Windows Accounts. This will save you a lot of trouble specially you are implementing conditional access.

Once installed, you can verify the status Conditional Access | Sign-in logs on your Azure AD. It should show something like this:

Hope this helps.

jasonbach · ‎Mar 22 2023

Thanks this worked!

Defender for Cloud Apps session controls and Chrome

Defender for Cloud Apps session controls and Chrome

Re: Defender for Cloud Apps session controls and Chrome

Re: Defender for Cloud Apps session controls and Chrome

Re: Defender for Cloud Apps session controls and Chrome

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Defender for Cloud Apps session controls and Chrome