Validating the conditional access policy

Once you create the conditional access policy, verify that unmanaged devices can access the Office 365 account only through the reverse proxy.

Steps

  1. From an unmanaged device, open your browser.
  2. Access https://myapps.microsoft.com and authenticate using the Microsoft Entra ID credentials.

    After successful authentication, you can view all assigned Microsoft 365 applications along with the Forcepoint ONE SSE reverse proxy application you have created.



  3. Click any Microsoft 365 application to access it directly. If the application is blocked for direct access in the conditional access policy, a block message appears.

    In such scenarios, users should click the Forcepoint ONE SSE reverse proxy application available on the My Apps page.

  4. Click the Forcepoint ONE SSE reverse proxy application. You are redirected to the reverse-proxied Microsoft Entra ID login page at login-microsoftonline-com.<username domain>.<tld>.
  5. Re-authenticate using Microsoft Entra ID user credentials.

    After successful authentication, you can now access Microsoft 365 applications using the agentless reverse proxy.

  6. Verify that the URL is www-office-com.btglss.net/, which means that your Microsoft 365 traffic is going through Forcepoint ONE SSE to provide visibility and data protection.
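
A scripted version of the hostname check in steps 4 and 6, added here as an example and not taken from Forcepoint documentation or tooling. It assumes the reverse proxy forms a hostname by replacing the dots of the original host with hyphens and appending the proxy domain, as the two hostnames above suggest; the function names and sample URLs are constructed for illustration. The comparison is an exact hostname match, so a lookalike host that merely contains the proxied name is not accepted.

```javascript
// Assumption: proxied host = origin host with "." replaced by "-", plus "." + proxy domain
// (inferred from www-office-com.btglss.net and login-microsoftonline-com.<domain>.<tld>).
function proxiedHost(originHost, proxyDomain) {
  return originHost.toLowerCase().replace(/\./g, "-") + "." + proxyDomain.toLowerCase();
}

// Classify a URL copied from the browser address bar during validation.
// Mapping origin -> proxied (not the reverse) avoids ambiguity for origin
// hosts that already contain hyphens.
function classifyUrl(rawUrl, originHosts, proxyDomain) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { verdict: "invalid" };
  }
  if (url.protocol !== "https:") return { verdict: "not-https" };
  // URL() lowercases the hostname; drop a trailing root dot before comparing.
  const host = url.hostname.replace(/\.$/, "");
  for (const origin of originHosts) {
    if (host === origin.toLowerCase()) return { verdict: "direct", origin };
    if (host === proxiedHost(origin, proxyDomain)) return { verdict: "proxied", origin };
  }
  return { verdict: "unexpected", host };
}

// Origin hosts implied by the hostnames on this page.
const ORIGIN_HOSTS = ["www.office.com", "login.microsoftonline.com"];
const PROXY_DOMAIN = "btglss.net"; // proxy domain shown in step 6

// Constructed sample URLs, not captured traffic.
const SAMPLE_URLS = [
  "https://www-office-com.btglss.net/",             // expected after step 5
  "https://login-microsoftonline-com.btglss.net/",  // proxied login page
  "https://www.office.com/",                        // direct access, should be blocked
  "https://www-office-com.btglss.net.example.org/", // lookalike: proxied name as a prefix
  "http://www-office-com.btglss.net/",              // right host, no TLS
];

for (const u of SAMPLE_URLS) {
  console.log(classifyUrl(u, ORIGIN_HOSTS, PROXY_DOMAIN).verdict.padEnd(10), u);
}
```

Only a "proxied" verdict on the final URL confirms step 6; "direct" on an unmanaged device means the conditional access policy did not block direct access.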