Importing existing conditional access policies into Nerdio from an existing tenant is a great and useful feature.
However, not all imports seem to work as expected. I tried to import a conditional access policy that blocks the device code flow for all users (best practice from Microsoft: https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-authentication-flows#device-code-flow ) like so:

However, when imported into Nerdio, I was left with the following:

At first I did not pay attention to this, expecting it to work as I had done plenty of times in the past. When I pushed this back to the customer, I locked everyone out because Nerdio forgot to add the device code flow part in the import, resulting in a policy that blocks all sign-ins for all users. Not so much fun.
Therefore, in the first place, I request support for the authentication flows in Nerdio so they can also be managed.
And maybe as a second feature some enhanced visibility/notification if not all settings could be imported, for it is very easy to create downtime with conditional access policies if not everything gets imported.
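A pre-push check for the failure described above, as an added example that is not part of the original post and not Nerdio code. It assumes both policies are available as JSON in the Microsoft Graph conditionalAccessPolicy shape; the function names are hypothetical and the two sample policies are constructed.

```python
# Added example: compare a source Conditional Access policy with its imported copy
# and report every condition the import dropped or changed.

def leaf_paths(node, prefix=""):
    """Yield (dotted_path, value) for every non-empty leaf in a nested dict."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from leaf_paths(value, f"{prefix}.{key}" if prefix else key)
    elif node not in (None, [], "", {}):
        yield prefix, node

def dropped_settings(source, imported):
    """Paths under 'conditions' that are set in source but missing or different in imported."""
    src = dict(leaf_paths(source.get("conditions", {}), "conditions"))
    dst = dict(leaf_paths(imported.get("conditions", {}), "conditions"))
    return sorted(path for path, value in src.items() if dst.get(path) != value)

def import_findings(source, imported):
    """Escalate to 'critical' when a condition was lost from a policy whose control is 'block'."""
    dropped = dropped_settings(source, imported)
    controls = (imported.get("grantControls") or {}).get("builtInControls", [])
    blocks = "block" in controls
    severity = "critical" if dropped and blocks else "warning" if dropped else "ok"
    return {"severity": severity, "dropped": dropped}

# Constructed sample: the policy as defined in the source tenant.
SOURCE = {
    "displayName": "Block device code flow",
    "conditions": {
        "users": {"includeUsers": ["All"]},
        "applications": {"includeApplications": ["All"]},
        "authenticationFlows": {"transferMethods": "deviceCodeFlow"},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["block"]},
}
# Constructed sample: the same policy after an import that lost the authentication flow condition.
IMPORTED = {
    "displayName": "Block device code flow",
    "conditions": {
        "users": {"includeUsers": ["All"]},
        "applications": {"includeApplications": ["All"]},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["block"]},
}

if __name__ == "__main__":
    print(import_findings(SOURCE, IMPORTED))
```

A "critical" result means the imported policy blocks a wider scope than the source did, so it should not be pushed to a tenant until the dropped condition is restored.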