12-08-2025 12:14 AM
Hello all, I'm facing an issue after trying to enable conditional access policy on Azure entra id in order to prevent the use of other browser except from Prisma Browser. Although the conditional access works for all the applications (SharePoint, in house apps using entra id, etc) as I wish, I'm facing a problem with outlook app and teams app (not web) as the authentication fails because the window that opens to fill user and pass is probably not a Prisma Browser window. Has anyone tried something similar? How can I force this authentication window to open through Prisma Browser so the conditional access doesn't fail?
Thank you in advance
12-08-2025 04:49 AM - edited 12-08-2025 04:55 AM
I think Prisma Browser is meant to be used with the web versions as to open them with the browser and with it to authenticate.
Still you can look microsoft articles like for example Can we use different default browser for Microsoft Teams? - Microsoft Q&A if it works as to change the default browser that Teams and Outlook use to the Prisma one but the apps may have their own direct communication to Office 365 without a browser even if the authentication to be through a browser. This is more Microsoft thing to be honest and you can check with them as well. From my fast checks seems like Teams newer versions may use Edge WebView2 that is integrated in the app itself but maybe in the setting it could be changed to to Prisma and maybe the same could be done for Chrome.
Also check your conditional access policies in Azure if they allow the desktop app not only the web one.
Also opening a support case for Palo Alto support to confirm this could be helpfull 😉
12-09-2025 12:05 AM
Hello @nikoolayy1 thank you for replying. I agree that if the web version of outlook or teams is used then PAB can authenticate you with no problem. I also agree that it is more Microsoft Azure issue than PA but I'm trying to figure out if someone else has faced this and how they solved it. I have also openned a ticket to PA. By the way, thank you for the link you shared but i have already tried making PAB default browser but this doesn;t seem to solve it. I'll post in here if I find anything else.
12-09-2025 06:33 AM
After contacting the local PA team and searching a little bit from Azure side I'm pretty sure there nothing we can do about htis authentication window as it is an embeded html page.
Moreover it seems like we resolved our issue by restricting the list of applications that use the conditional access policy.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
