Glad it helped.

No, currently session control policies are only applicable to browser, for rich client applications access policy is created, but that will just block/allow access based on a specific device like corporate owned or not. Session control for rich client may be announced in future.

@@ConceptsWork I have a doubt here..we r creating CA policy in Azure Ad portal .Also we r creating the activity type in session policy where we have option to select apps, conditions etc... My query is if we select ALL CLOUD APPS in Azure Ca policy, but in session policy we give only teams so which policy will override?? Also in session policy we have options to provide conditions..

The clients must be able to communicate with all the endpoints listed here - docs.microsoft.com/en-us/cloud-app-security/network-requirements Yes, you can define outbound rules on the firewall.

@@ConceptsWork as per the, article port 443 for Ip add n and dns names fed to firewall ... hope I understood that right.. Thanks

Glad you liked it!

No, the session polices will work for browser based sessions only.

Yes you can.

Not yet, but there will by first week of august.

When you select app enforced policy then it is not required, but for custom policy and monitor, MCAS license is required.

@@ConceptsWork to use Conditional Access app control (Monitor,Block,custom policy all options available in drop-down) we need MCAS licence.

I completely agree, Conditional Access app control require licenses, I was referring to app enforced policy option. But anyways thank you so much, for bringing these details, this means alot and it helps other viewers as well. Thanks Priyanka.

This is an endpoint DLP capability, as of now there is no video, but that's next in pipeline.