Conditional Access with Azure Registered App

Jamie Brandwood 6 Reputation points
2020-04-05T23:44:36.753+00:00

Is there a way to restrict access to an Azure AD registered application based on IP address or location when said application is using a client secret, for example because it runs as a Windows Service, so there is no underlying user to pass credentials?

This would mean there is no username passed to Azure AD in order to evaluate against a conditional access policy?

Has anyone else seen this scenario or have a solution for it? Is there even a solution?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. AmanpreetSingh-MSFT 56,966 Reputation points Moderator
    2020-04-06T06:53:07.1+00:00

    @Jamie Brandwood A Conditional Access policy cannot be applied if you are requesting a token under application context, i.e., using client credentials.

    There is active feedback regarding this feature here: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/37867180-restricting-access-of-azure-service-principals-u. Please vote there, as this is monitored by the MS product team, and features are added to Azure based on the popularity of the idea.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept as answer" wherever the information provided helps you to help others in the community.

    2 people found this answer helpful.
