Conditional Access - Block all Cloud Apps and Allow Office 365 Preview only

tn-57-gs 26 Reputation points
2020-04-27T10:49:44.303+00:00

I have posted the same on an Intune forum and they recommended me to post it over here to know if the Sharepoint for iOS app has any dependencies or limitations.

https://social.technet.microsoft.com/Forums/azure/en-US/6d89c70e-e1ca-4dae-8d9b-1bc764ec4b77/conditional-access-policy-to-block-all-cloud-apps-and-allow-selected-apps?forum=microsoftintuneprod&prof=required

please check out the above post where I have clearly explained what policy I created and what app is causing the problem at sign-in after the first-factor authentication is successful. anyways, I am also mentioning it here as well.

The below policy has impact on Sharepoint for iOS only and the rest of the apps were working perfectly fine.

Block Policy:

7721-blockaz.png
Allow Policy:
7731-allowaz.png

Later, I thought of tweaking the above policy to the following way and it worked like charm but not sure why? I set up the device platform to "Any" instead of selecting a platform and selected the platform in the exclude

Here is the tweaked policy

Block All Cloud Apps:

7675-blockazworked.png

Allow Office 365 Preview

7741-allowazworked.png

So, what I would like to know is, why the device platform "Include/Exclude" behaves this way? is it by design? other policies also should I use the same way?

Microsoft Entra
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vahid Ghafarpour 20,495 Reputation points
    2023-08-26T05:41:25.1366667+00:00

    The behavior you're experiencing might be influenced by the specific conditions and configurations you've set in your policy. While I don't have direct access to your Intune environment or the policy in question

    0 comments No comments