Global Secure Access: apply only to the Windows platform and exclude any other platform

Sergio Londono 671 Reputation points
2024-11-08T19:27:31.0166667+00:00

Hello team,

We are implementing Global Secure Access in our company.

We know GSA is available on Windows with a client and on Android using Defender for Endpoint.
For iOS and Mac, it is in Preview.

  • Objective:
    We would like to deploy Global Secure Access to Windows only, meaning that all Windows devices must connect through Global Secure Access.
    If Windows devices try to access cloud resources over the internet, they should be blocked.
  • If the connection comes from Android, iOS or Mac over the internet, it should be allowed.

I have been trying to do it with Conditional Access policies, adding:

  • Locations: "All compliant networks"
  • Platform: Include "Any platform" and exclude Windows.


The issue with this Conditional Access policy is that Windows can connect either from the internet or through the GSA agent.
If the GSA agent is disabled, the user can access SharePoint because the exclusion in the platform allows it.

So, the objective is to force Windows to use GSA.

Do you have any idea how to configure the Conditional Access policy to achieve it?

Microsoft Entra ID
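The scoping problem described in the question, as an added example that is not part of the original post and is not Microsoft's evaluation engine: a simplified model of a Block policy that compares the platform scope as posted with a scope that includes only Windows. It assumes the posted policy uses a Block grant with the compliant network as an excluded location; `BlockPolicy`, `decide`, `AS_POSTED` and `WINDOWS_ONLY` are hypothetical names.

```python
from dataclasses import dataclass

PLATFORMS = frozenset({"windows", "android", "ios", "macos"})


@dataclass(frozen=True)
class BlockPolicy:
    """Simplified Conditional Access policy whose grant control is Block.

    Assumption: locations are 'any location', with the compliant network
    (traffic arriving through the GSA client) as the excluded location.
    """
    include_platforms: frozenset
    exclude_platforms: frozenset = frozenset()

    def applies(self, platform: str, via_gsa: bool) -> bool:
        # A policy only evaluates sign-ins that match every condition.
        in_scope = (platform in self.include_platforms
                    and platform not in self.exclude_platforms)
        # Sign-ins from the excluded (compliant) network are out of scope.
        return in_scope and not via_gsa


def decide(policies, platform: str, via_gsa: bool) -> str:
    """Block if any in-scope Block policy matches, otherwise allow."""
    return "block" if any(p.applies(platform, via_gsa) for p in policies) else "allow"


# Scope as described in the post: include any platform, exclude Windows.
AS_POSTED = [BlockPolicy(PLATFORMS, frozenset({"windows"}))]
# Alternative scope (illustration): include only Windows, exclude nothing.
WINDOWS_ONLY = [BlockPolicy(frozenset({"windows"}))]


def matrix(policies):
    """Decision for every (platform, via_gsa) combination."""
    return {(plat, gsa): decide(policies, plat, gsa)
            for plat in sorted(PLATFORMS) for gsa in (True, False)}


if __name__ == "__main__":
    for name, policies in (("as posted", AS_POSTED), ("windows only", WINDOWS_ONLY)):
        print(name)
        for (plat, gsa), result in matrix(policies).items():
            path = "GSA" if gsa else "internet"
            print(f"  {plat:8} via {path:8} -> {result}")
```

Device platform in Conditional Access is derived from client-supplied information such as the user agent, so the platform condition is a scoping aid and not a verified signal.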