Conditional Access Support for Storage Explorer
Is it possible to add support for the following?
"Conditional access is not supported when Storage Explorer is being used on Windows 10, Linux, or macOS. This is due to a limitation in the AAD Library used by Storage Explorer."
We are blocking non-administrative accounts from accessing any cloud app except for the ones we want to allow.
However, some of our non-administrative users need access to a file share without using a Windows VM using SMB. So we want to let these accounts use the Azure Storage Explorer to access these file shares.
However, with our current conditional access policies, the accounts that need to access the file share are blocked because the Azure Storage Explorer is using the Azure CLI (which apparently falls under Azure Management as a cloud app in conditional access).
We would love to see some extra cloud apps related to Azure Management so that we can make more use of conditional access policies.
Now we need to allow access to all users of file shares to the Azure Management cloud app, but this means they can also log on to the Azure portal, which we don't want.
Is it possible to implement a change?
Minh Trieu commented
We are trying to introduce a conditional access policy that will allow users to connect to Azure Portal only if they are using a corporate laptop (AD Joined). Enabling such a policy stops users from using Storage Explorer, though. Seems to be no way around this unless I remove them from this Azure Policy.
Ryan Messer commented
What needs to be exempted from Conditional Access for this to work?
Jose Arevalo commented
Please advise, as this topic is pretty important. For security reasons we need to control access to BLOB, ADLS, CosmosDB based on tools also. Conditional Access Policies will be a good way to do it, independent of whether the user is management/admin, as exceptions are necessary.
E V Devarajulu commented
Any plans to have conditional access support for Azure CLI?
niklas lagersson commented
Any update on this topic? Can we have MSAL support so we can use CA AND Storage Explorer at the same time? Really difficult to set permission below storage account level for the GEN2 Data Lake if Storage Explorer is the only tool to use for permissions...