Here’s something I discovered recently and would like to share with you.

If you are using Skype for Business Online and want to control access to it using Conditional Access policy, you should be aware that under certain circumstances the control can be completely bypassed.

The problem has to do with the fact that Conditional Access only kicks in when the authentication attempt is from the following:

- A client app that uses modern authentication

Conditional Access is not processed by legacy clients, i.e. those that do not support modern authentication. For example, the Skype for Business 2015 client (the one that ships with Office 2013, and without modern authentication enabled) cannot interpret the Conditional Access policy and as such will bypass the controls.

In this example, I have created a new Conditional Access policy specifically for Skype for Business Online.

I want all users to be included in the policy. I only want the policy to apply to Skype for Business Online. And finally, I only want access to be permitted from Hybrid Azure AD devices (i.e. those that are joined to on-premises AD and device registered in AAD). I’ve left all of the other settings within the policy at their defaults.

Once I’ve enabled and saved the policy the next thing to do is test whether it works as expected.

The first test is to determine whether the policy blocks access from the Skype for Business 2016 client (click-to-run version) running on a device that does not meet the Hybrid Azure AD condition. As expected, the access is denied along with a friendly and reasonably helpful error message (shown below).

The second test is run from a machine that also doesn’t meet the Hybrid Azure AD condition, but this time the sign-in attempt is from the Skype for Business 2015 client.
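One way to look for this gap in your own tenant, as an added example that is not part of the original post: the script below scans exported Azure AD sign-in records for successful legacy-client sign-ins to Skype for Business Online where no Conditional Access policy was applied. It assumes a JSON export that uses the Microsoft Graph signIn property names (`clientAppUsed`, `conditionalAccessStatus`, `appDisplayName`, `userPrincipalName`, `status.errorCode`); the sample records, users and client values are constructed.

```python
import json

# Client app categories reported for modern-authentication sign-ins.
# Assumption: any other clientAppUsed value is a legacy-authentication client.
MODERN_CLIENT_APPS = {"Browser", "Mobile Apps and Desktop clients"}

# Constructed sample records (not real log data).
SAMPLE_SIGNINS = json.loads("""[
 {"userPrincipalName": "alice@contoso.example", "appDisplayName": "Skype for Business Online",
  "clientAppUsed": "Mobile Apps and Desktop clients", "conditionalAccessStatus": "failure",
  "status": {"errorCode": 53001}},
 {"userPrincipalName": "bob@contoso.example", "appDisplayName": "Skype for Business Online",
  "clientAppUsed": "Other clients", "conditionalAccessStatus": "notApplied",
  "status": {"errorCode": 0}},
 {"userPrincipalName": "bob@contoso.example", "appDisplayName": "Skype for Business Online",
  "clientAppUsed": "Other clients", "conditionalAccessStatus": "notApplied",
  "status": {"errorCode": 0}},
 {"userPrincipalName": "carol@contoso.example", "appDisplayName": "Office 365 Exchange Online",
  "clientAppUsed": "Exchange ActiveSync", "conditionalAccessStatus": "notApplied",
  "status": {"errorCode": 0}},
 {"userPrincipalName": "dave@contoso.example", "appDisplayName": "Skype for Business Online",
  "clientAppUsed": "Browser", "conditionalAccessStatus": "success",
  "status": {"errorCode": 0}},
 {"userPrincipalName": "erin@contoso.example", "appDisplayName": "Skype for Business Online",
  "clientAppUsed": "Other clients", "conditionalAccessStatus": "notApplied",
  "status": {"errorCode": 50126}}
]""")

def find_legacy_bypasses(signins, app_name="Skype for Business Online"):
    """Return (user, client) for successful legacy-client sign-ins to app_name
    where Conditional Access was not applied."""
    findings = []
    for rec in signins:
        if rec.get("appDisplayName") != app_name:
            continue
        client = rec.get("clientAppUsed") or "unknown"  # missing value is flagged for review
        legacy = client not in MODERN_CLIENT_APPS
        succeeded = (rec.get("status") or {}).get("errorCode") == 0
        ca_skipped = rec.get("conditionalAccessStatus") == "notApplied"
        if legacy and succeeded and ca_skipped:
            findings.append((rec.get("userPrincipalName"), client))
    return findings

def summarize(findings):
    """Count flagged sign-ins per user so repeat offenders stand out."""
    counts = {}
    for user, _client in findings:
        counts[user] = counts.get(user, 0) + 1
    return counts

if __name__ == "__main__":
    for user, n in summarize(find_legacy_bypasses(SAMPLE_SIGNINS)).items():
        print(f"{user}: {n} legacy sign-in(s) with Conditional Access not applied")
```

Any user it reports is reaching the service from a client that the Hybrid Azure AD device condition never evaluated.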