Netskope Community
06-05-2023 06:00 PM
Does anyone have a setup where you roll out the Netskope client to all your endpoints and configure Azure AD Conditional Access to allow connections to Microsoft services if they come via a Netskope IP?
We are doing this as part of our own ZTNA setup to only allow trusted devices/locations.
The setup works well with one minor problem. Netskope will occasionally have the tunnel go down/up (e.g. switching from LAN/docked to Wi-Fi, etc.), and that causes Netskope to be disabled momentarily before re-enabling again (which means it momentarily shows an attempted connection from a non-Netskope IP).
This then leads to services, e.g. Teams, Outlook, etc., requiring authentication immediately, which is not the best end-user experience.
Has anyone encountered this and is able to suggest a solution/workaround? I don't want to change the trusted location to country-based, as that defeats the purpose of the ZTNA we are doing.
07-05-2023 11:15 AM
Hello @TjhiaS,
What function of AzureAD Conditional Access is causing the immediate authentication attempt? We might want to look at tuning the authentication timers or other options.
07-05-2023 08:36 PM
We solved this ourselves in the end through different mechanisms but achieving the same result.
The Netskope client will always have a momentary disconnection if the network is switching. If Conditional Access is set to only allow the Netskope IP and no other IP, then Outlook, Teams, and OneDrive will fail instantly and show a pop-up requesting re-authentication.