Login with Windows Terminal and conditional access

Belan Marek 51 Reputation points
2022-01-27T07:15:48.143+00:00

When we use windows terminal for Azure Cloud shell, in sign in log there is no info about Operating System.
We have CA blocking all Operating System exclude windows , MacOS , Android and iOS.
But this usage is blocked by this policy cause in sign in log there is no info abou Operating System.
In others logs everywhere is OS info.

168929-image.png

eg login to office.com
168855-image.png

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,396 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Siva-kumar-selvaraj 15,546 Reputation points
    2022-02-03T08:32:56.223+00:00

    Hello @Belan Marek ,

    Thanks for reaching out.

    Azure Active Directory is the "consumer" of the data. It is up to the Application to offer information about the operating system, etc. Unfortunately, this appears to be a known limitation of accessing Azure cloud shell via Windows Terminal, since we can not see any operating system information.

    Here is another not supported scenario with CloudShell when using the device-code OAuth flow, the require managed device grant control or a device state condition which aren’t supported.

    if you would like to exclude CloudShell in these scenarios from being evaluated by the Conditional Access policy already in place (Include All Apps), I would suggest excluding "Microsoft Azure Management - APP ID: 797f4846-ba00-4fd7-ba43-dac1f8f63013" from this policy. For further information about Microsoft Azure Management, refer. Please be aware of that, not only windows terminal app, but also the other apps that rely on to Microsoft Azure Management will be affected as well.

    Additionally, if you do not wish to exclude the whole app, you may try excluding certain individuals or groups. Alternatively, you may utilize Grant Access: Require Multi-Factor Authentication with this policy, users running untrusted operating systems must complete MFA before accessing cloud resources.

    I fully understand that the current behavior of Windows Terminal + Azure Cloud Shell with CA required operating system may not satisfy your security concerns; therefore, please feel free to provide feedback via the following link: https://feedback.azure.com/d365community/forum/4518e8d7-0925-ec11-b6e6-000d3a4f0858.

    Hope this helps.

    -----
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
    0 comments No comments