AzureAD Conditional Access with Teams / WARP client

We are playing around with AzureAD Conditional Access for Teams and/or the WARP client. We only utilize Argo tunnels. We do not use the Access feature. With that said, has anyone accomplished device control using AzureAD Conditional Access with Argo Tunnels?

I imagine one could using a JWT or similar validating worker.

We considered that or another type of device posture, however, our goal was to keep the device posturing native to AzureAD and its respective management platform. I’m okay with dropping a JWT token though. I could create one per user and utilize policies to enforce it per user. But…. Keeping it in AzureAD would be a bit more seamless for us.

You could also potentially use Cloudflare’s Access for SaaS but it would /really/ depend on the configuration. Cloudflare Access can consume Microsoft’s device posture in most configurations though if the record is proxied.

I realize you don’t use Access today but it is a pretty powerful tool so maybe try it at least and see if it meets your needs?

We use internal / non internet routable domains…. This being a domain we don’t own and can’t use public DNS servers with. The tunnel solution lets us use the DNS policies to override host names and resolve our internal IPs. This was not possible with the Access solution.