Skip to main content

We have recently enabled conditional access in Entra and ran into a problem.  Our setup says that only machines coming from one of our facilities or a Netskope IP range can access Teams, Outlook, etc.

The issue we are having occurs when a user is booting up their machine, Netskope does not enable before Teams and Outlook, causing the user to have to close the apps and click Sign In until a Netskope tunnel is enabled.

Is there something from the Netskope tenant we need to adjust to prevent users from having to close all of their programs each time they reboot or is this issue on the Microsoft side?  We considered a GPO for preventing Teams and Outlook from booting to allow Netskope to enable as well.

Any information anyone could provide would be appreciated.  Thank you!

Hi @jpires

Steering decisions are made at Neskope client level. So, unless netskope client is up and is able to see SSL handshakes, it is not going to tunnel the traffic. There is no setting in the tenant to influence this behaviour. Have you also considered the possibility of using a task scheduler to delay startup applications from launching ?

You can observe how long it takes the Netskope tunnel to come up and set the task scheduler accordingly so that Netskope tunnel comes up before the required apps using ENTRA conditional access.


Reply