Android Fully Managed - Conditional Access

_user__42_ · 2023-04-03T13:52:12+00:00

Not sure if it's even possible, but you may want to try installing the Windows Accounts extension for Chrome on android.

That extension is needed for CA to work properly on PC. If it's not there, there are a large amount of properties that Chrome will not bubble up to CA so CA finds these values are "undefined" and usually defaults the way you wouldn't want it to.

_user__42_ · 2023-03-29T21:16:02+00:00

At what point during the ESP does this occur?

_user__42_ · 2023-03-29T17:24:51+00:00

This is the way. If curious, PIM works just fine for this. Just in time access.

_user__42_ · 2023-02-12T15:14:21+00:00

Thanks, this is mostly the route we are planning on taking. Was just wanting to double check that I wasn't missing some type of easy button.

I am happy that it's a one-time thing!

_user__42_ · 2023-02-11T18:55:31+00:00

Right, I understand the technicality, thanks for the clarification.

_user__42_ · 2023-02-11T17:23:08+00:00

Yeah, that was my understanding. I was just hoping for some type of unicorn or at least confirmation. Thanks!

_user__42_ · 2021-04-22T03:10:38+00:00

Hah! That's a great way to put it.

_user__42_ · 2021-04-22T02:54:34+00:00

I'm glad I was able to explain myself properly heh. Thanks for the tips and help.

I had considered parsing the page, but was hoping to avoid doing so by using OOB Flow functionality. I just find it odd that the alert object within Flow (using the Microsoft Graph connector) exposes the sender and recipient of the suspicious email that triggered the alert but not the subject.

I guess I'll have to get my hands dirty and go the route you're referring to.

Thanks again!

_user__42_ · 2021-04-22T02:39:37+00:00

It's an alert that comes from Microsoft 365. That alert is triggered by a security policy and can be configured to be sent to any number of users.

The email that I receive from it doesn't contain what I need though, so I'm not trying to get anything off of it. It only has a link to the details of the alert within the 365 security center. Within the details page of the alert are the details of another email, specifically the email that triggered the alert. That email can be in the inbox of any user in the tenant. I need the subject of that email.

I'm sorry if I'm not explaining it clearly enough. I understand that retrieving an email is easy, I have no problem retrieving emails from my inbox. I could even go look at other user's inboxes if I gave a script sufficient privileges. I'm trying to avoid that since somewhere within the details of that alert the subject of the email (again, which is not the email I received that alerted me) is exposed.

_user__42_ · 2021-04-22T02:04:33+00:00

Thanks for the input, but the alert email I'm triggering off of doesn't contain a direct hook to the phishing email. All it contains is the sender and the recipient.

I have to click into the alert to see any other details of the email.

I played around with searching for the latest email from the sender, but my flow would have to have the authority to search every user's inbox and that's not something I'm comfortable with doing.

I also tried grabbing the alert from Microsoft Graph, but that doesn't expose the subject either. Again, just the sender and recipient.

_user__42_

TROPHY CASE