KlownSec-8630 asked KlownSec-8630 commented

Multiple Instances Enterprise APP

Hi,

I am deploying multiple instances for an Enterprise APP, https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/cisco-anyconnect.

So I will have multiple enterprise apps of Cisco Anyconnect using different names: Cisco AnyConnect - Prod, Cisco Anyconnect Prod 2 and Cisco Anyconnect Prod 3. There is a requirement to have a conditional policy to force MFA and only grant access to domain computers (Hybrid AD). So is it possible to have only one conditional access policy and add the 3 cloud apps that I am going to deploy?

Tags: azure-ad-saml-sso, azure-ad-conditional-access, azure-ad-single-sign-on

1 Answer

amanpreetsingh-msft answered KlownSec-8630 commented

Hi @KlownSec-8630 · Thank you for reaching out.

Yes, it is possible to add all instances of the Cisco Anyconnect enterprise application in your tenant to one Conditional Access policy. All you need to do is add all instances under cloud apps, as highlighted below:

100406-image.png


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.



Hi @amanpreetsingh-msft, thank you so much - so with that I can “grant” MFA + hybrid AD for all those apps without any issue? I was just afraid that MFA or hybrid AD would not work properly... In the logs, will I be able to see the sign-in coming from the specific AnyConnect instance name?


@KlownSec-8630 · Yes, you can use the same CA policy to require MFA + Require Hybrid Join for both instances of AnyConnect. Make sure that you select "Require all the selected controls" as highlighted below. "Require one of the selected controls" means MFA or Hybrid Join, not MFA + Hybrid Join. Also, the sign-in log will include App name and App ID, so you can identify which application the sign-in was initiated from.
100541-image.png


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


Perfect @amanpreetsingh-msft thank you!!
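
The setup discussed in this thread (one policy covering three app instances, with both grant controls required) can be expressed as a Microsoft Graph `conditionalAccessPolicy` body and checked for the "Require one of the selected controls" mistake. This is an added example, not code from the thread; the app IDs are constructed placeholders, and the display name and user scope are assumptions.

```python
import json

# Constructed placeholder app IDs for the three enterprise app instances;
# replace with the Application (client) IDs from your tenant.
ANYCONNECT_APP_IDS = [
    "00000000-0000-0000-0000-000000000001",  # Cisco AnyConnect - Prod
    "00000000-0000-0000-0000-000000000002",  # Cisco Anyconnect Prod 2
    "00000000-0000-0000-0000-000000000003",  # Cisco Anyconnect Prod 3
]
REQUIRED_CONTROLS = {"mfa", "domainJoinedDevice"}  # MFA + hybrid Azure AD joined


def build_policy(app_ids, state="enabledForReportingButNotEnforced"):
    """Request body for POST /identity/conditionalAccess/policies (Microsoft Graph)."""
    return {
        "displayName": "Cisco AnyConnect - MFA and hybrid join",  # hypothetical name
        "state": state,  # report-only by default; switch to "enabled" after review
        "conditions": {
            "users": {"includeUsers": ["All"]},  # assumption: narrow to your VPN users
            "applications": {"includeApplications": list(app_ids)},
        },
        "grantControls": {"operator": "AND", "builtInControls": sorted(REQUIRED_CONTROLS)},
    }


def audit_policy(policy, app_ids):
    """Return a list of findings; an empty list means the policy matches the requirement."""
    findings = []
    apps = policy.get("conditions", {}).get("applications", {})
    included = set(apps.get("includeApplications", []))
    if "All" not in included:
        for app_id in app_ids:
            if app_id not in included:
                findings.append(f"app {app_id} is not covered by the policy")
    grant = policy.get("grantControls") or {}
    controls = set(grant.get("builtInControls", []))
    for missing in sorted(REQUIRED_CONTROLS - controls):
        findings.append(f"grant control '{missing}' is not selected")
    # "OR" is "Require one of the selected controls": MFA *or* hybrid join passes.
    if grant.get("operator") != "AND" and len(controls) > 1:
        findings.append("operator is not AND: one control alone satisfies the policy")
    if policy.get("state") != "enabled":
        findings.append(f"policy state is '{policy.get('state')}', not enforced")
    return findings


if __name__ == "__main__":
    print(json.dumps(build_policy(ANYCONNECT_APP_IDS), indent=2))
```

`audit_policy` can also be run over a policy exported from the tenant to confirm that all three instances are included and that the grant operator is `AND`.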
