Azure AD Conditional Access: User Agent

Erik Aronesty 0 Reputation points
2023-04-27T19:15:14.4766667+00:00

Hi!

We would like a simple filter to block user agents in conditional access. I know this can be easily evaded by an attacker, but this is really to prevent users from accidentally creating problems by using devices that our systems don't support - especially when working from home.

Is there any easy way to filter for user agent string or similar?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,731 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Harpreet Singh Matharoo 8,111 Reputation points Microsoft Employee
    2023-05-04T05:57:09.5066667+00:00

    Hello @Erik Aronesty

    Thank you for reaching out. I would like to confirm that currently Azure AD Conditional Access Policy does not support User Agent filtering or condition. Currently Azure AD Conditional Access Policy only supports filtering on the basis of conditions mentioned on following documentation: Conditional Access: Conditions.

    Within Device Platform condition Azure AD identifies the platform by using information provided by the device, such as user agent strings. Since user agent strings can be modified, this information is unverified. Keep in mind that user agent filtering is not foolproof and can be easily bypassed by users who know how to modify their user agent. Therefore, it is important to combine device platform with Microsoft Intune device compliance policies or as part of a block statement. The default is to apply to all device platforms.

    I hope this answer helps to resolve your issue. Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.