word.cloud.microsoft, excel.cloud.microsoft. powerpoint.cloud.microsoft bypass Conditional Access App Control Enformment
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 98%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Alexander Alamein
0
Reputation points
Have conditional Access policy, which does the following.
- For an Unmanaged Device (Device not in intune)
- Allow Access to browser
- Use Cloud Access App Control
- Block Downloads
This works for the old urls where it routes to ".mcas.ms" to urls and allows for monitoring and blocking downloads in browser sessions.
This doesn't seem to work for when users accessing
-
word.cloud.microsoft -
excel.cloud.microsoft -
powerpoint.cloud.microsoft
and in effect allowing them to exfil/bypass download controls.
Is there a solution for this, should I block these apps, I've tried including them in session monitoring, but it doesn't seem to work, has anyone else come across this issue?
Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud Apps
Sign in to answer