Does anyone have a setup where you roll out the Netskope client to all your endpoints and configure Azure AD conditional access to allow connections to Microsoft services if they come via a Netskope IP?
We are doing this as part of our own ZTNA setup to only allow trusted devices/locations.
The setup works well, with one minor problem. Netskope will occasionally have the tunnel go down/up (e.g. switching from LAN/docked to Wi-Fi, etc.), and that causes Netskope to be disabled momentarily before re-enabling again (which means that momentarily it shows as attempting a connection from a non-Netskope IP).
This then leads to services such as Teams, Outlook etc. requiring authentication immediately, which is not the best end-user experience.
Has anyone encountered this and been able to suggest a solution/workaround? I don't want to change the trusted location to country-based, as that defeats the purpose of the ZTNA we are doing.
We solved this ourselves in the end through different mechanisms, but achieving the same result.
The Netskope client will always have a momentary disconnection if the network is switching. If conditional access is set to only allow Netskope IPs and no other IPs, then Outlook, Teams and OneDrive will fail instantly and pop up a re-authentication request.
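As an added example that is not part of the thread above: a small Python triage script that separates the transient tunnel-flap failures described in the post (a conditional access failure from a non-Netskope IP bracketed within seconds by successes from a Netskope IP for the same user) from failures that really did come from outside Netskope. The egress ranges and sign-in records are constructed placeholders; the record field names follow the Microsoft Graph signIn resource.

```python
from datetime import datetime, timedelta
import ipaddress

# Constructed placeholder egress range standing in for your Netskope POP IPs
# (not a real Netskope range; take the real list from your tenant config).
NETSKOPE_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample sign-in records using Graph signIn field names.
SAMPLE_SIGNINS = [
    {"createdDateTime": "2024-01-10T09:00:00Z", "userPrincipalName": "alice@example.com",
     "appDisplayName": "Microsoft Teams", "ipAddress": "203.0.113.10", "conditionalAccessStatus": "success"},
    # Tunnel flap: same user, non-Netskope IP, 20 seconds after a Netskope success
    {"createdDateTime": "2024-01-10T09:00:20Z", "userPrincipalName": "alice@example.com",
     "appDisplayName": "Microsoft Teams", "ipAddress": "198.51.100.7", "conditionalAccessStatus": "failure"},
    {"createdDateTime": "2024-01-10T09:00:45Z", "userPrincipalName": "alice@example.com",
     "appDisplayName": "Microsoft Teams", "ipAddress": "203.0.113.10", "conditionalAccessStatus": "success"},
    # Genuine off-network attempt: no Netskope success anywhere near it
    {"createdDateTime": "2024-01-10T13:00:00Z", "userPrincipalName": "bob@example.com",
     "appDisplayName": "Outlook", "ipAddress": "198.51.100.9", "conditionalAccessStatus": "failure"},
]


def is_netskope_ip(ip):
    """True if the sign-in source address falls inside a Netskope egress range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in NETSKOPE_RANGES)


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def classify_ca_failures(signins, window=timedelta(seconds=120)):
    """Split CA failures from non-Netskope IPs into 'flap' (a Netskope success by the
    same user within `window`) and 'suspect' (no such success nearby)."""
    result = {"flap": [], "suspect": []}
    for ev in signins:
        if ev["conditionalAccessStatus"] != "failure" or is_netskope_ip(ev["ipAddress"]):
            continue
        t = parse_ts(ev["createdDateTime"])
        bracketed = any(
            o is not ev
            and o["userPrincipalName"] == ev["userPrincipalName"]
            and o["conditionalAccessStatus"] == "success"
            and is_netskope_ip(o["ipAddress"])
            and abs(parse_ts(o["createdDateTime"]) - t) <= window
            for o in signins
        )
        result["flap" if bracketed else "suspect"].append(ev)
    return result


if __name__ == "__main__":
    for bucket, events in classify_ca_failures(SAMPLE_SIGNINS).items():
        print(bucket, [(e["userPrincipalName"], e["ipAddress"]) for e in events])
```

Counting the "flap" bucket per user and app over a day shows how much re-authentication noise the tunnel switching generates, while the "suspect" bucket is what the policy is actually there to catch.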