JohnWalker-2105 asked amanpreetsingh-msft commented

AD conditional access policy to exactly mimic Office 365 Org setting "User Consent to Apps" - block third party apps

Office 365 allows you to block all third party apps using Settings -> Org Settings -> User Consent to Apps.

This works great but I want to make an exception for one user.

I was told conditional access could achieve this, but I have tried and I am not sure of the exact way to configure this so it achieves EXACTLY the same result as the Office 365 setting. Once I get this working I can then easily exclude one user.

I hope someone can help.

azure-ad-conditional-access

1 Answer

amanpreetsingh-msft answered amanpreetsingh-msft commented

Hi @JohnWalker-2105 · Thank you for reaching out.

Unfortunately, there is no out of box setting in Conditional Access to block all 3rd party apps. In Conditional Access policies, you can either allow all apps and exclude specific apps or block all apps and exclude specific app(s), based on the number of apps you want to allow/block. You have to specify the applications manually in the Conditional Access policy.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


Thanks. So nothing will replicate the checkbox in Office 365? Can you suggest any other way of protecting most of my Office 365 users and allowing exceptions for one user? The support guy I spoke to today suggested the risk setting. I want to allow the "Adobe Cloud" and "Speaking Email" apps for this user for the moment.


Hi @JohnWalker-2105 · Are the "Adobe Cloud" and "Speaking Email" applications registered in Azure AD App Registration or Enterprise applications? If yes, you should be able to exclude/include these applications explicitly from the conditional access policy. If you don't see these apps under Conditional Access Policy, make sure the "WindowsAzureActiveDirectoryIntegratedApp" tag is added to these apps.

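The approach described in the answer and its follow-up comment, as an added example that is not part of the original thread: it checks that each app has a service principal carrying the tag mentioned above, then creates a report-only Conditional Access policy that blocks the manually listed apps for every user except one. It assumes the Microsoft Graph PowerShell SDK is installed; the app display names are taken from the thread and may differ in a given tenant, and the user principal name and policy name are placeholders.

```powershell
# Added example (not from the thread). Requires the Microsoft.Graph module.
Connect-MgGraph -Scopes 'Application.Read.All', 'User.Read.All',
                        'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'

# Assumptions: display names as written in the thread; placeholder user.
$appNames     = 'Adobe Cloud', 'Speaking Email'
$exceptionUpn = 'exception.user@contoso.example'
$caTag        = 'WindowsAzureActiveDirectoryIntegratedApp'

# 1. Resolve each app to its service principal and check the tag that the
#    comment above says is needed for the app to be selectable in a policy.
$appIds = foreach ($name in $appNames) {
    $found = @(Get-MgServicePrincipal -Filter "displayName eq '$name'")
    if ($found.Count -eq 0) {
        Write-Warning "'$name': no service principal found in this tenant"
        continue
    }
    foreach ($sp in $found) {
        if ($sp.Tags -notcontains $caTag) {
            Write-Warning "'$name' ($($sp.AppId)) is missing the $caTag tag"
        }
        $sp.AppId
    }
}
if (-not $appIds) { throw 'No apps resolved; refusing to create an empty policy.' }

# 2. Resolve the one user who should keep access to these apps.
$exceptionUser = Get-MgUser -UserId $exceptionUpn

# 3. Block the listed apps for all users except that one. The policy starts in
#    report-only mode so sign-in logs show its effect before it is enforced.
$policy = @{
    displayName   = 'Block listed third-party apps (placeholder name)'
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        clientAppTypes = @('all')
        applications   = @{ includeApplications = @($appIds) }
        users          = @{
            includeUsers = @('All')
            excludeUsers = @($exceptionUser.Id)
        }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

As the answer notes, this covers only the apps named in `$appNames`; any other third-party app has to be added to the list by hand.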