This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 34%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
Hello,
We use a shared iPad for testing and working in our company, during which we noticed that single sign-on (SSO) was creating trouble for us as we needed to switch between different domains and different IDs, but as SSO was enabled, some of the apps remained signed in due to this.
** "Is there any way by creating Conditional Access Policies or by configuration profiles by which we can restrict or block the SSO in the shared devices like iPad? If not, is there any other alternative to remove/restrict SSO from the shared devices?" **
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Abhi Kumar ,
Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Thanks,
Shweta
Take a look at 'session controls' in conditional access - with a 'condition' for the device in question.
You can certainly target a specific CA policy at your device.
https://learn.microsoft.com/en-gb/azure/active-directory/conditional-access/concept-conditional-access-session#application-enforced-restrictions
Hi Mark
Thanks for your Suggestion. As per your suggestion we can ask users to Sign in again after some time like (9 hrs) by setting up the Sign-in Frequency in the Session control but we can't permanently block or restrict the SSO from the Shared Device Mode. Also this setting works on the users not on the devices.