May 29 2024 06:44 PM - edited May 30 2024 06:11 PM
Hello,
MDCA's session control is ignore network(IP range) settings in Microsoft Entra ID Conditional Access policy?
I understand that the following items are required for the session control policy.
- a conditional access policy that matches the traffic.
- a session policy in defender for cloud apps.
However, downloads are blocked in Microsoft Edge even if there is no Entra ID CA policy applied.
Microsoft Entra ID Conditional Access policy assignments(Network) not working with MDCA
May 30 2024 01:32 AM
@Seonghoon You can check the Sharepoint admin center for Access control policy.
May 30 2024 04:56 PM - edited May 30 2024 06:05 PM
@danghoang95 "Allow access only from specific IP address ranges" was disabled. And the browser displays same message as when the MDCA's session control policy was applied.
May 30 2024 06:49 PM
@Seonghoon the network settings are new and are related to SSE. I would recommend opening a ticket so we can investigate this further and understand if there is some conflicting behavior.
Jun 04 2024 07:28 PM - edited Jun 05 2024 04:25 AM
Thank you, The ticket interim findings show that existing EntraID settings (network) are not applied when "Edge Protection for Business" (https://security.microsoft.com/cloudapps/settings?tabid=edgeIntegration) is enabled.
I don't understand if this behavior was an intended change by Microsoft, then why that new feature has been activated as opt-out.