How to stop an app from going through the reverse proxy?


I have 2 apps. Let's call them "SharePoint" and "Expense App". I want SharePoint access to go through the reverse proxy so I make a Azure AD conditional access policy, apply it to SharePoint sign-ins, and everything is working great. I can go to SharePoint and it is proxied and I can go straight to Expense App without the proxy and that works fine as well. However, when I click on a link in SharePoint to go to Expense App then it sends that through the proxy too and that breaks parts of Expense App. I found Expense App listed as "Connected" under "Conditional Access App Control apps" in the "Connected Apps" section of the Microsoft Defender for Cloud Apps portal. I tried removing it thinking that would solve the problem but it soon reappears. I believe that is due to Expense App being configure for SSO in Azure AD and Defender for Cloud Apps automatically discovering it.
Is there any way for me to get around this?

1 Reply

This should be possible if the app is not configured to go through MDCA proxy.

If you access the app from the conditional access app control apps page > "edit app" and make sure that "use the app with session controls" is unchecked.