25,176 questions
Hi Avihay,
Can you share your Conditional access policy settings and configuration please. I would like to replicate the settings and test out in my lab.
AAD Conditional Access - chrome not working missing sign in logs
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 55.00000000000001%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAL%3C/text%3E%3C/svg%3E)
Avihay Levi
10
Reputation points
**Hi this is not a question rather a fix for Conditional Access policies failing on chrome browser.
**
Hi everyone,
I have been troubleshooting for a while on chrome and found out that in order to apply conditional access policies on chrome browsers you got to do two important things:
- Windows chrome extension - this extension is the reason you are able to send through log data to AAD from chrome that shows the device ID, compliance state, join type etc without it the logs will be empty and usually policies will fail all the time.
- Clear cookies - even though extension is installed it doesn't mean logs won't be empty because using current cookie sessions breaks the extension's functionality so you have to enter chrome://settings/content/all to the URL in chrome and clear all cookies data and suddenly all logs are being delivered properly from browser to AAD.
If anyone knows why clearing cookies worked with fixing the issue feel free to contact me or comment on this thread because I have been going insane for the last month trying to solve this problem :)
My speculation (not evidence based) is that keeping the old AAD cookie session which applies to 90 days in chrome messed with the extension because it was "painted" with the new data coming in from the extension's function so it's like not having the extension at all.
Thanks!
Avihay
Microsoft Security | Microsoft Entra | Microsoft Entra ID
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 9%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
Gelon 0 Reputation points2023-09-13T06:50:02.4733333+00:00 Hi, Did you find solution? I have contacted MS regarding this. The answer was like "We are not aware of what google is doing with their products"
Sign in to comment