Many organisations restrict access to Office 365 services and applications from unmanaged or non-compliant endpoints through the use of Azure AD conditional access policies. In additional to these traditional conditional access policies, Cloud Apps Security (CAS) extends these capabilities with additional features, including custom block messages and custom alerts surfaced from within the CAS administration portal.
CAS policies are broken down into session policies (those which affect web browser sessions) or access policies (those which affect desktop applications) and are applied to access attempts against Office 365 applications and services such as Microsoft OneDrive for Business, Microsoft Exchange Online, Microsoft SharePoint Online, and Microsoft Teams.
Microsoft’s Cloud Apps Security (MCAS) extends the conditional access configuration and alerting capabilities provided by Azure Active Directory. Many organisations rely on conditional access to control the devices people use to access corporate data, and in many instances to block access if devices do not meet compliance requirements.
But what happens if blocking access from unmanaged devices is too restrictive? What if an organisation needs to continue to support access from these devices and can access be enabled in a secure manner?