Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
142 questions
Microsoft OneDrive or SharePoint does not redirect session to Conditional Access App Control policy in Microsoft Defender for Cloud App
Kosal Yeang
20
Reputation points
Hi community,
I have questions regarding to Conditional Access App Control policy with Session policy in Microsoft Defender for Cloud App.
My goal is monitoring real-time session on OneDrive for Business and SharePoint Online and apply some restriction action on these two applications using session policy on MDCA.
What I have done:
- Configure conditional access policy for session control to redirect custom policy in MDCA
- Configure Session policy on MDCA.
The problem is:
- When user access to www.office.com and they click on OneDrive or SharePoint app for this portal. the browser does not redirect user to MDCA proxy *.mcas.ms as expected. This behavior results in user session does not monitor by MDCA and we cannot apply real-time session restriction from MDCA.
Anyone have any comment, please kindly let me know.
Thanks.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 27%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Raja Pothuraju 6,170 Reputation points Microsoft Vendor2024-08-19T17:17:17.7933333+00:00 Hello @Kosal Yeang,
Thank you for posting your query on Microsoft Q&A.
Based on the information you provided, it seems that you have already configured the Conditional Access policy for session control to redirect to a custom policy in Microsoft Defender for Cloud Apps (MDCA) and have also configured the Session policy on MDCA. However, you are facing an issue where the user's session is not being redirected to the MDCA proxy *.mcas.ms when accessing OneDrive or SharePoint from the www.office.com portal.
To troubleshoot this issue, please verify the following points:
When you accessed OneDrive or SharePoint, was the correct Azure AD Conditional Access policy applied to the login? You can confirm this by reviewing the Entra Sign-in logs. Ensure that the Conditional Access App Control policy is applied to that specific sign-in.
In MDCA, check if the login was evaluated correctly and whether the appropriate policy was applied. If the policy was not applied correctly, review the activity logs and alerts to compare them with what the policy is filtering for. Identify what might have caused the policy to be excluded.
Does the issue occur in every browser, with different users, or on different machines? If it varies, it might help identify whether the problem is browser-specific or related to a particular user or device.
What browser did you use when attempting to log in? Different browsers may behave differently, so testing across various browsers might provide additional insights.
Thanks,
Raja Pothuraju. -
Raja Pothuraju 6,170 Reputation points Microsoft Vendor
2024-08-21T01:10:44.2+00:00 Hello @Kosal Yeang,
Following up to see if the below suggestion was helpful. And, if you have any further query do let us know.
-
Kosal Yeang 20 Reputation points
2024-08-21T04:06:26.4133333+00:00 Hi @Raja Pothuraju ,
Apologize for late reply.
Answer to your question below:
- In Entra ID portal, I am sure that conditional access policy as applied when user access to OneDrive or SharePoint.
- The Issue happened for every browser and machine.
- in MDCA, there are interesting thing that I want to update.
- When user access to SharePoint or OneDrive from www.office.com. I see the activity are logged, but the app shown in the log are Microsoft SharePoint Online or Microsoft OneDrive for Business. the policy was not applied.
- When I access to SharePoint or OneDrive directly from the URL: https://domain.sharepoint.com/sites/TEST/SitePages/CollabHome.aspx or https://onedrive.live.com/login/ The browser session is redirected to MDCA proxy, and the policy was applied. I see the activity are logged, but the app shown in the log are different. those are Microsoft SharePoint Online - General or OneDrive for Business - General.
I noticed that the policy applied only when direct access and with the app named end with - General. I don't know what is different between Microsoft SharePoint Online - General and Microsoft SharePoint Online.
- When user access to SharePoint or OneDrive from www.office.com. I see the activity are logged, but the app shown in the log are Microsoft SharePoint Online or Microsoft OneDrive for Business. the policy was not applied.
-
Raja Pothuraju 6,170 Reputation points Microsoft Vendor
2024-08-26T11:27:08.21+00:00 Thank you for sharing the additional information on this.
I would like to know if you are able to download files from SharePoint and OneDrive when accessing them through the Office portal.
It appears that when you're accessing SharePoint sites and OneDrive, downloads are being blocked. Could you confirm if this blocking occurs specifically when accessing these sites from the Office portal?
To check if the sites are being redirected to *mcas.ms when accessed through the Office portal, I recommend capturing web requests using Fiddler.
Capture web requests with Fiddler
Please let me know once you've captured the web requests. We can then connect offline to review them together.
Thanks,
Raja Pothuraju. -
Kosal Yeang 20 Reputation points
2024-08-27T11:06:01.4066667+00:00 Hi @Raja Pothuraju ,
I have investigated again, the session redirect to MDCA by conditional access policy when user sign in match condition define in the policy. However, even if it redirects to MDCA It not working if we access from Office.com portal. In activity log it shows as the screenshot that I shared you in previous comment. I think the problem is the app that I defined as condition in session policy in MDCA. Sometimes it shows as Microsoft SharePoint Online and sometimes it shows Microsoft SharePoint Online - General.
-
Raja Pothuraju 6,170 Reputation points Microsoft Vendor
2024-09-09T20:37:21.0566667+00:00 Hello @Kosal Yeang,
Sorry for the delay.
It seems that this issue requires further investigation to identify the cause. I would like to follow up with you offline to look into this more closely. Please send me an email at 'AzCommunity@microsoft.com' with the subject line "Attn: Pothurajur" and include a link to this thread/post in the email body.
We can connect offline to discuss this further.
Thanks,
Raja Pothuraju. -
Raja Pothuraju 6,170 Reputation points Microsoft Vendor
2024-09-12T21:28:16.5833333+00:00 Hello @Kosal Yeang,
I would like to follow up with you regarding your issue. Please send me an email to check this offline as mentioned above.
Thanks,
Raja Pothuraju.
Sign in to comment
Sign in to answer