bmorebobbbbbyyyy
Aug 17, 2024 Copper Contributor
Conditional Access Help
Hi - Thought this would be easy but it's not. We have a group of 5 temporary employees that need to access one custom built app in our environment. That app utilizes M365 authentication. I set...
Kidd_Ip
Aug 17, 2024 MVP
bmorebobbbbbyyyy
Aug 17, 2024 Copper Contributor
Kidd_Ip Thanks, but unfortunately it doesn't appear that CA can do it.
I was able to get around some of this by creating a security group and granting a very limited F3 license. The only thing I haven't been able to block is SharePoint. The user can still navigate to our company page and see a company-based document library. I could do major changes to block it, but it shouldn't be that way and I would be nervous that I would block access to those that need it. I am hoping there is something easy. I may just have to go to PowerShell and block each user individually to each particular site, which is not ideal either.
- bmorebobbbbbyyyy Aug 17, 2024 Copper Contributor
To restate the problem:
I have a custom-built enterprise application and a CA that blocks Office 365. I am unable to log in with these accounts to the enterprise application. Is there a particular app that I can exclude that allows this authentication to work but doesn't grant access to Office apps?
- oliwer_sundgren Aug 19, 2024 Steel Contributor
Hello!
Hmm, this is strange, since the Office 365 cloud app includes SharePoint, OneDrive, Exchange, Teams and much more but not Entra ID, so you adding Office 365 to the blocked apps list should not block sign-in via Entra ID for the users.
I have a Conditional Access policy myself where I block all apps except a custom application, and that works.
How does the authentication look to your custom app? Is it SSO or how do users sign in?
Could you share screenshots of your CA policy with sensitive information blurred out?
Cheers!
Oliwer Sundgren
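
The policy shape described in the reply above (block every cloud app except one custom application, scoped to a single security group), as an added example that is not part of any post in this thread. It uses the Microsoft Graph PowerShell SDK; the group name, application name and policy name are placeholders, and the policy is created in report-only mode so nothing is enforced yet.

```powershell
# Added example. $GroupName, $AppName and the policy display name are
# placeholders (assumptions), not values taken from the thread.
$GroupName = 'Temp-Employees'
$AppName   = 'Custom LOB App'

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess',
                        'Group.Read.All',
                        'Application.Read.All'

# Resolve the group and the enterprise application (service principal).
# Stop if either lookup is missing or ambiguous, so the policy cannot be
# scoped to the wrong object.
$group = @(Get-MgGroup -Filter "displayName eq '$GroupName'")
$sp    = @(Get-MgServicePrincipal -Filter "displayName eq '$AppName'")
if ($group.Count -ne 1) { throw "Expected 1 group named '$GroupName', found $($group.Count)." }
if ($sp.Count -ne 1)    { throw "Expected 1 application named '$AppName', found $($sp.Count)." }

$policy = @{
    displayName = 'Temp staff - block all apps except custom app'
    # Report-only: evaluated and logged on each sign-in, but not enforced.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users = @{
            includeGroups = @($group[0].Id)
        }
        applications = @{
            includeApplications = @('All')           # every cloud app...
            excludeApplications = @($sp[0].AppId)    # ...except the custom app
        }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Check the report-only results in the Entra sign-in logs for the temporary accounts before changing `state` to `enabled`; they show which resource each sign-in to the custom app actually requests, which is what decides whether the exclusion is sufficient.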