Aug 15 2022 09:37 AM
Hello!
We are trying to set up MAM policies in Intune. We want only whitelisted applications allowed. At the start, this will be the O365, and a few other internal SSO apps.
The issue is, in order to only allow access to 5 apps/systems, we need to put in a Block All, and then add exclusions. I've done this. However, I am unable to get the browser side working, as signing into Edge is blocked.
I want to use Edge as the browser app, but with the block all, it doesn't allow users to sign into Edge, so they can't get to the SSO sites via Edge. I do know which CA policy is doing it, I just don't know which item to add to it for an exclusion.
Anyone know how to exclude the Edge sign in from Conditional Access? I'm not sure what service/application it actually is.
I've included a screenshot of the sign in log.
Thanks.
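Added example, not part of the original post: one way to find which resource a block-all Conditional Access policy is failing, by reading exported sign-in log records and listing the client app and resource pairs where that policy's result is `failure`. The field names follow the Microsoft Graph `signIn` record; the policy name, GUIDs and resource names are constructed placeholders, not the real Edge identifiers.

```python
from collections import Counter

# Constructed sample records shaped like Microsoft Graph signIn entries.
# Every GUID, policy name and resource name below is a placeholder.
BLOCK_ALL = "MAM - Block all apps"  # hypothetical policy display name
SAMPLE_SIGNINS = [
    {"appDisplayName": "Microsoft Edge",
     "resourceDisplayName": "Placeholder Resource A",
     "resourceId": "00000000-0000-0000-0000-0000000000b1",
     "appliedConditionalAccessPolicies": [
         {"displayName": BLOCK_ALL, "result": "failure"},
         {"displayName": "Require MFA", "result": "success"}]},
    {"appDisplayName": "Microsoft Edge",
     "resourceDisplayName": "Placeholder Resource A",
     "resourceId": "00000000-0000-0000-0000-0000000000b1",
     "appliedConditionalAccessPolicies": [
         {"displayName": BLOCK_ALL, "result": "failure"}]},
    # Already excluded from the block-all policy: result is notApplied.
    {"appDisplayName": "Microsoft Outlook",
     "resourceDisplayName": "Office 365 Exchange Online",
     "resourceId": "00000000-0000-0000-0000-0000000000b2",
     "appliedConditionalAccessPolicies": [
         {"displayName": BLOCK_ALL, "result": "notApplied"}]},
    # Fails because of a different policy; must not be attributed to block-all.
    {"appDisplayName": "Microsoft Edge",
     "resourceDisplayName": "Placeholder Resource C",
     "resourceId": "00000000-0000-0000-0000-0000000000b3",
     "appliedConditionalAccessPolicies": [
         {"displayName": BLOCK_ALL, "result": "notApplied"},
         {"displayName": "Require MFA", "result": "failure"}]},
]

def blocked_resources(signins, policy_name):
    """Count (client app, resource name, resource id) where policy_name failed."""
    hits = Counter()
    for record in signins:
        # The policy list can be missing or null on some exported records.
        for policy in record.get("appliedConditionalAccessPolicies") or []:
            if (policy.get("displayName") == policy_name
                    and policy.get("result") == "failure"):
                hits[(record.get("appDisplayName"),
                      record.get("resourceDisplayName"),
                      record.get("resourceId"))] += 1
    return hits

if __name__ == "__main__":
    for (app, res, rid), n in blocked_resources(SAMPLE_SIGNINS, BLOCK_ALL).most_common():
        print(f"{n:3d}  client={app!r}  resource={res!r}  resourceId={rid}")
```

The resource name and ID in the output, rather than the client app name, are the candidates to compare against the policy's exclusion list.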
Aug 15 2022 01:42 PM
Aug 16 2022 07:34 AM
You can try the "What If" feature to better understand how policies will affect your users.
The Conditional Access What If tool - Azure Active Directory - Microsoft Entra | Microsoft Docs
Aug 16 2022 03:35 PM
@Rudy_Ooms_MVP The Conditional Access Policy is targeted to all Apps. Reason for this is because we need a specific whitelist of apps that are allowed to be accessed. In order to accomplish this, the only way I've found to only allow specific apps, is to block all, then add exclusions as needed.
Aug 16 2022 03:37 PM
Aug 17 2022 04:21 AM
Aug 17 2022 06:01 AM
Sep 19 2022 05:10 AM
Aug 23 2024 10:23 AM
Aug 23 2024 10:28 AM
@DBR14 -- Not really. Ended up inverting the whole thing. So we basically set Intune to block everything, then we just allowed users in based on an access group. Essentially saying "ok" to access on your mobile if you have access on your computer.
We did put in some policies for the Microsoft cloud apps, and a few requirements for other apps. But just left everything else with some basic requirements.
I was moved into another area in my company, so haven't looked at mobile Intune in about 18 months.