SOLVED

Conditional Access (require compliant device) not working with Forms

Copper Contributor

Hi everyone, 

 

I experienced a strange behavior today. We have Azure AD Conditional Access enabled and require a compliant device for full access on all webApps. Meaning we only allow browser based access from every non compliant device including limitations on downloading and saving files on such a device. 

Unfortunately we found that with Microsoft Forms you can download the results of a survey to your client version of Excel and also save it on the local non compliant device. 

 

Can anyone help with that? 

 

5 Replies

Hey @boneyfrancis

 

no our problem is the exact opposite. We CAN open and download Forms results to non compliant devices even though we restrict that with Conditional Access. 

To my knowledge Forms doesn't have any security or compliance controls surrounding the product other than GDPR removal. I would recommend adding a uservoice for it, but right now there is nothing surrounding it from a security standpoint, so you may have to disable the use if that's a red flag.

Hey @Chris Webb

 

thanks for your answer. So you think that Forms does not work at all with Conditional Access? 

I mean it can be added to restrict access to it with CA so why should it not work? 

 

 

best response confirmed by Julia Gratzl (Copper Contributor)
Solution
Because the files are stored inside form.microsoft.com not via sharepoint or onedrive like everything else that has the file level conditional access policy engine.

Preventing from going to a URL is a different policy all together.
1 best response

Accepted Solutions
best response confirmed by Julia Gratzl (Copper Contributor)
Solution
Because the files are stored inside form.microsoft.com not via sharepoint or onedrive like everything else that has the file level conditional access policy engine.

Preventing from going to a URL is a different policy all together.

View solution in original post