Set the network range to which session control applies

Copper Contributor

Hello,

MDCA's session control is ignore network(IP range) settings in Microsoft Entra ID Conditional Access policy?

I understand that the following items are required for the session control policy. 

- a conditional access policy that matches the traffic.

- a session policy in defender for cloud apps.

 

However, downloads are blocked in Microsoft Edge even if there is no Entra ID CA policy applied.

 

 

Microsoft Entra ID Conditional Access policy assignments(Network) not working with MDCA

Seonghoon_1-1717117755896.png

 

4 Replies

@Seonghoon You can check the Sharepoint admin center for Access control policy.

@danghoang95 "Allow access only from specific IP address ranges" was disabled. And the browser displays same message as when the MDCA's session control policy was applied.

Seonghoon_0-1717117498564.png

 

@Seonghoon the network settings are new and are related to SSE.  I would recommend opening a ticket so we can investigate this further and understand if there is some conflicting behavior.

Thank you, The ticket interim findings show that existing EntraID settings (network) are not applied when "Edge Protection for Business" (https://security.microsoft.com/cloudapps/settings?tabid=edgeIntegration) is enabled.
I don't understand if this behavior was an intended change by Microsoft, then why that new feature has been activated as opt-out.