Conditional Access
678 Topics

GSA - Web content filtering - Custom blocked page
Hello everyone, I have a quick question. I just tested the 'Web Content Filtering' of Global Secure Access. However, in Microsoft's documentation, two processes are mentioned for displaying blocked sites (related to HTTP and HTTPS). I wanted to know if it is possible to create a custom page (for example, adding the company logo, indicating the reason for blocking such as the associated web category, etc.). I tried to search, but no documentation related to this is available (or at least I couldn't find it). Thanks in advance for the help!
521 Views, 2 likes, 1 Comment

Security Info blocked by conditional access
Hello, We have a conditional access policy in place where a specific group can only access Microsoft 365 (deny all apps, except Office 365). The moment a user clicks on Security Info in My Account, the user is blocked by this policy. I can't find a way to exclude the app "My Signins" (AppId 19db86c3-b2b9-44cc-b339-36da233a3be2). Since MFA is forced for this group, they can't change their authenticator app registration. Is there a solution for this? Initial MFA setup works, by the way.
UPDATE Jan 23, 2025: I contacted Microsoft support and this was their answer (in short): "MySignin is a very sensitive resource that is not available in the picker and cannot be excluded in the conditional access policy. Also, the application is calling Microsoft Graph. I understand that this is not the information you are looking to hear at this time, I would have loved to help but the application cannot be excluded from the policy."
4.8K Views, 2 likes, 14 Comments

Non persistent session on not joined devices
Hi, how do I create a conditional access policy within Intune that requires a non-joined device and then sets the persistent browser session to "never persistent"? As I look at the settings, I am only able to set "Require Microsoft Entra hybrid joined device". Thanks
Cheers, heinzelrumpel
60 Views, 0 likes, 4 Comments

Enable MFA method
Dear, Currently in our company, the authentication methods policy > Microsoft Authenticator defaults to “any”. Either “passwordless” or “Push”. It is possible to enable the following authentication method through a conditional access policy, currently it is enabled for some users. Desired authentication method: The current method is as follows: Can it be enabled for professional accounts or is it only focused on personal accounts? Thanks in advance.
62 Views, 0 likes, 1 Comment

Android Personal Devices enrollment in Microsoft Intune
Hi, I want to enroll Android personal devices for my employees who use their phones to access company data like Teams and mail. I need even those who already access Outlook mobile with unmanaged devices to be forced to enroll them before they access my company data. I have tried the following.
- Created a managed Google Play account
- Turned on automatic enrollment
- Turned on: Personal and corporate-owned devices with device administrator privileges
- Created a device platform restriction policy which pointed to a dynamic device group
- Created a compliance policy blocking rooted devices and requiring a password to access company apps
- Created a Conditional Access policy in Entra ID which requires devices to be marked as compliant before accessing any cloud app. This policy is pointing to a dynamic device group. I had first assigned it to all users, but it didn't work out.
With the above settings, devices can enroll, but even those which are not enrolled still have access to the cloud apps. How can I force those unmanaged devices not to access the company mail and Teams, and then prompt them to download the Company Portal app and enroll their BYOD/personal devices? NB: I have achieved the above on iOS, but Android failed. Please advise me.
59 Views, 0 likes, 2 Comments

Excluding user to MFA with conditional access
I'm having some issues with excluding users from MFA with conditional access. The user that I'm trying to exclude is a functional account. But the thing is, this account is in both the including and excluding parts of this setting, because the user is a member of the Azure group where all users are in. With this configuration, the user is still getting prompted for MFA registration when logging into Office365. So the exclusion doesn't seem to override the inclusion option. Do I need to remove this user from the Azure group that all users are members of, or is there another solution for this?
18K Views, 0 likes, 9 Comments

Blocking Personal Outlook and Gmail Accounts on Corporate Device
Hello Community, In my organization, we use the Microsoft 365 environment. We have a hybrid infrastructure, but we aim to deploy as many policies as possible through Microsoft 365 (Intune, Purview, Defender, etc.). One of our goals is to limit the use of corporate devices for personal purposes. We use Outlook as our corporate email service, and we would like to block employees from signing into their personal email accounts (either via web or desktop application). Additionally, we would like to block access to other email services, such as Gmail, both via web and desktop apps. Could you provide guidance on how to achieve this? I would greatly appreciate any help or suggestions. Thank you very much!
Juan Rojas
1.6K Views, 0 likes, 5 Comments

How to force Intune client in Ubuntu to synch automatically
Hello, in my company we have enrolled Devs' Ubuntu devices to control some security settings and allow or not the access to our company apps and content. We have set compliance policies and enabled conditional access to check them. I was surprised this morning by the last checking date of my Ubuntu laptops and asked my Devs about their last sign-in in the Company Portal client, and the date matches the last checking date. I concluded that the Company Portal is synching only when the user opens it and signs in. This is a big problem for us because we are certified ISO27001 and we must check all devices' compliance. Does somebody have a script to deploy on those Ubuntu devices and force a synch every day, while waiting for a Microsoft evolution of this process? Thanks a lot and regards
Majid
660 Views, 0 likes, 1 Comment

Block non-enrolled device to users who have enrolled devices
First of all, thank you for everything. I have users who have their device enrolled with the company. I have others who don't yet. I need to block access with personal devices to those users who already have their device enrolled. I do NOT have a group that identifies which users have it and which don't, it's random. Thanks for the help !!!
26 Views, 0 likes, 1 Comment