Session control policies in Microsoft Defender for Cloud Apps - block copy, cut, and paste in web apps
In this article, I attempt to outline the process for creating session control policies using Conditional Access (CA) and Microsoft Defender for Cloud Apps or MDA for short. When I first set this up, I was unaware of the need to have a user sign in between setting up the CA policy and setting up the policy in MDCA which then allows session control policies to be applied. I will guide you through this, the policy setup and testing. An overview of the setup process looks like this: 1. Setup the CA policy 2. Have a user login 3. Apply the MDA access policy and add your conditions. 4. Test it 1. Setup the CA policy Pre-requisites: - a. the app should be available as an "Enterprise App" in Azure AD. Secondly, the app should support and be configured for SAML SSO. b. Azure AD P1 licenses are required. My understanding was always that MDA required Microsoft 365 E5 or equivalent licenses for applying policies, but Microsoft states in the following article that Azure AD P1 license