ATPDocs/deploy/activate-sensor.md
Lines changed: 1 addition & 1 deletion
@@ -25,7 +25,7 @@ You can choose to activate eligible domain controllers either automatically, whe
25
25
|---------|---------|
26
26
|Activate new sensor |The domain controller is already onboarded to Defender for Endpoint. [Activate the sensor](#activate-the-defender-for-identity-sensor).|
27
27
|Install classic sensor|[Deploy the classic Defender for Identity sensor](install-sensor.md) from the **Sensors page**.|
28
-
|OS update is required |This domain controller is running an unsupported operating system version for the new sensor. Update the server to Windows Server 2019 or later to use the new sensor. |
28
+
|OS upgrade is required |This domain controller is running an unsupported operating system version for the new sensor. Upgrade the OS version to the latest version. |
29
29
30
30
<!--|Download onboarding package |[Onboard the domain controller to Defender for Endpoint](#onboard-the-domain-controller).|-->
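Review bot: The added "OS upgrade is required" row drops the concrete minimum that the removed row gave ("Windows Server 2019 or later") and says only "Upgrade the OS version to the latest version", so an admin reading the table no longer learns which OS version the new sensor supports, and the wording reads as if only the newest release qualifies. Keep the minimum version in the cell, or link from it to the prerequisites that state it.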
CloudAppSecurityDocs/caac-known-issues.md
Lines changed: 29 additions & 0 deletions
@@ -114,6 +114,35 @@ A user who starts a session in Edge with a profile other than his work profile,
114
114
115
115
If the URL points to a resource within the secured application, the user will be directed to the application's homepage in Edge.
116
116
117
+
### Outdated session policy enforcement with Edge
118
+
When a session policy is enforced using Edge in-browser protection and the user is later removed from the corresponding Conditional Access (CA) policy, the original session enforcement may still persist.
119
+
120
+
Example Scenario:
121
+
122
+
A user was originally assigned a CA policy for the Salesforce application, along with an Defender for Cloud apps session policy that blocked file downloads. As a result, downloads were blocked when the user accessed Salesforce in Edge.
123
+
124
+
Although the admin later removed the CA policy, the user still experiences the download block in Edge due to cached policy data.
125
+
126
+
Mitigation Options:
127
+
128
+
Option 1: Automatic cleanup
129
+
1. Reassign the user/app to the CA policy.
130
+
2. Remove the corresponding Defender for Cloud Apps session policy.
131
+
3. Have the user access the application using Edge, this will trigger the policy removal automatically.
132
+
4. Remove the CA policy again.
133
+
134
+
Option 2: Manual cleanup
135
+
1. Delete the cached policy file
136
+
- Go to: C:\Users\<username>\AppData\Local\Microsoft\Edge\
137
+
- Delete the file: mda_store.txt
138
+
139
+
2. Remove the work profile in Edge
140
+
- Open Microsoft Edge.
141
+
- Navigate to Profile Settings.
142
+
- Delete the work profile associated with the outdated session policy.
143
+
144
+
These steps will force a policy refresh and resolve enforcement issues related to outdated session policies.
145
+
117
146
## Related content
118
147
119
148
-[Conditional Access app control in Microsoft Defender for Cloud Apps](proxy-intro-aad.md)
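Review bot: In the Option 2 steps, the path `C:\Users\<username>\AppData\Local\Microsoft\Edge\` and the file name `mda_store.txt` are added as plain text, so in rendered Markdown `<username>` is liable to be parsed as an HTML tag and vanish, and the backslashes may be read as escapes; wrap both in backticks. The manual cleanup also does not say whether its steps 1 and 2 are both required or are alternatives, and Option 1 step 2 ("Remove the corresponding Defender for Cloud Apps session policy") does not say whether the policy is to be restored afterwards. Minor wording: "an Defender for Cloud apps session policy" should read "a Defender for Cloud Apps session policy", and step 3 ("...using Edge, this will trigger the policy removal automatically") is a comma splice that reads better as two sentences.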