Conditional access to only allow access to a specific website - Issue

Rachel Coles 46 Reputation points
2022-02-07T08:36:21.663+00:00

Hi,

We created a Conditional Access Policy 'Block_All_Cloud_Apps_excl_ExchangeOnline' to BLOCK a specific group 'SA_Mail_Only' with a member 'SA_Bing_Maps' access to all cloud apps but just allow it to access a specific external website.
We excluded this group from MFA.
Unfortunately it has resulted in the Group/User not being able to access the required website as it is asking for permissions via the Microsoft Graph from this website. The website is 'https://www.bingmapsportal.com/'
We also looked at adding the website as an application but it is not part of the Enterprise Library of applications and I'm not sure if we add 'Create your own application' it will look.
How do we add the website as an exception to our Conditional Access Policy to just allow it to log onto this website and nothing else?
Any suggestions or comments appreciated

Microsoft Entra ID

1 answer

  1. James Hamil 23,216 Reputation points Microsoft Employee
    2022-02-25T22:11:47.727+00:00

    Hi @Rachel Coles, I suggest troubleshooting this first by using this article. Please ignore the sections not pertinent to conditional access.

    The most likely solution by looking at this is editing the API permissions like in the article. Make sure that bingmaps has access, specifically "Read.All".

    If this answer helped you please mark it as "Verified" so other users may reference it. Please let me know if you have any questions.

    Best,
    James

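
Added example, not part of the thread and not Microsoft's code: one way to confirm from exported sign-in logs which client app and resource the policy named in the question is actually blocking. The records are constructed and use Microsoft Graph signIn field names; the UPN domain, app names and `Other_Policy` are placeholders.

```python
from collections import Counter

# Policy name taken from the question.
POLICY = "Block_All_Cloud_Apps_excl_ExchangeOnline"


def rec(upn, app, resource, policy, result):
    """Build one constructed record using Microsoft Graph signIn field names."""
    return {
        "userPrincipalName": upn,
        "appDisplayName": app,            # client the user signed in to
        "resourceDisplayName": resource,  # API the token was requested for
        "appliedConditionalAccessPolicies": [
            {"displayName": policy, "result": result}
        ],
    }


# Constructed sample data: UPNs, app names and "Other_Policy" are placeholders.
SAMPLE_SIGNINS = [
    rec("SA_Bing_Maps@contoso.example", "Example Maps Portal",
        "Microsoft Graph", POLICY, "failure"),
    rec("SA_Bing_Maps@contoso.example", "Example Maps Portal",
        "Microsoft Graph", POLICY, "failure"),
    rec("SA_Bing_Maps@contoso.example", "Example Mail Client",
        "Office 365 Exchange Online", POLICY, "notApplied"),
    rec("other.user@contoso.example", "Example Maps Portal",
        "Microsoft Graph", "Other_Policy", "failure"),
]


def blocked_by_policy(signins, policy_name):
    """Count (user, client app, resource) triples that policy_name blocked."""
    hits = Counter()
    for s in signins:
        for p in s.get("appliedConditionalAccessPolicies") or []:
            if p.get("displayName") == policy_name and p.get("result") == "failure":
                key = (s["userPrincipalName"], s["appDisplayName"],
                       s["resourceDisplayName"])
                hits[key] += 1
    return hits


if __name__ == "__main__":
    for (user, app, resource), n in blocked_by_policy(SAMPLE_SIGNINS, POLICY).most_common():
        print(f"{n}x {user}: {app} -> {resource} blocked by {POLICY}")
```

The resource column is the value to compare against the policy's included and excluded cloud apps.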