How do you edit the Microsoft Managed Conditional Access Policies?

Question

How do you edit the Microsoft Managed Conditional Access Policies?

Matthew Castaldo 0

Hello,

I am trying to edit one of the Microsoft Managed Policies under my Conditional Access Policies. I have the roles of Global Administrator and Conditional Access Administrator.

I am trying to exclude a user from a policy. When I exclude the user and save the policy, I get an error saving since "there are no users or groups selected". The issue is, I do not have permissions to selecte any users or groups (see attachment). This leads me to being unable to edit the policy and is causing a ton of issues.

I reached out to Microsoft Entra support OVER TWO WEEKS AGO and still have not heard anything back.

Does anyone have any suggestions?

Thank you.

Sridevi Machavarapu 31,095 Reputation points Microsoft External Staff Moderator

2025-11-25T08:58:08.9233333+00:00

Hello Matthew Castaldo,

Could you please provide Portal images and error screenshot here that helps to understand troubleshoot your issue further?
Matthew Castaldo 0 Reputation points

2025-11-25T16:43:48.5566667+00:00

Hello Sridev,

Here is a picture. I cannot edit this policy at all, even just to turn it off. Although no users are assigned to the policy, its requiring strength of authentication for my organization - which I want to disable. I have no other policies with strength of authentication on so I know this is the cause - the goal is to have only one method of MFA for a specific account, which is why I was trying to exclude that account from this policy.
Sridevi Machavarapu 31,095 Reputation points Microsoft External Staff Moderator

2025-11-26T21:05:42.5333333+00:00

Hello Matthew Castaldo,

Please share your contact email address and availability for a Teams call over Private messages tab so that we can connect offline and look into this further.

1 answer

Your answer

Sridevi Machavarapu 31,095 Reputation points Microsoft External Staff Moderator

2025-11-25T08:58:08.9233333+00:00

Hello Matthew Castaldo,

Could you please provide Portal images and error screenshot here that helps to understand troubleshoot your issue further?
Matthew Castaldo 0 Reputation points

2025-11-25T16:43:48.5566667+00:00

Hello Sridev,

Here is a picture. I cannot edit this policy at all, even just to turn it off. Although no users are assigned to the policy, its requiring strength of authentication for my organization - which I want to disable. I have no other policies with strength of authentication on so I know this is the cause - the goal is to have only one method of MFA for a specific account, which is why I was trying to exclude that account from this policy.
Sridevi Machavarapu 31,095 Reputation points Microsoft External Staff Moderator

2025-11-26T21:05:42.5333333+00:00

Hello Matthew Castaldo,

Please share your contact email address and availability for a Teams call over Private messages tab so that we can connect offline and look into this further.

Answer 1

Adam Zachary 2,265

You cannot edit Microsoft-managed Conditional Access policies the same way you edit your own custom policies. Even with Global Administrator and Conditional Access Administrator, Microsoft-managed policies have locked scopes. That is why the “Users and groups” section is disabled and why saving fails when you try to exclude someone.

To adjust them, you only have two supported options:

Turn the Microsoft-managed policy off.

Create your own custom Conditional Access policy that replaces it, where you control the assignments and exclusions.

You cannot change the user or group assignments inside a Microsoft-managed CA policy.

The UI is locked by design, so the error you see is expected behavior and not a permissions issue.

Matthew Castaldo 0 Reputation points

2025-11-25T16:40:56.84+00:00

I can't even turn the policy off or set it to report only since there are no users in the select group. I continue to receive this error.

Share via

How do you edit the Microsoft Managed Conditional Access Policies?

1 answer

Your answer