This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 90%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EF%3C/text%3E%3C/svg%3E)
Good day!
I want to test a new policy that requires Multifactor authentication after login. Therefore, I created a new test user on Microsoft Entra ID.
After that, In Entra ID, I created a new policy by going to Security > Protect > Conditional Access > Create new policy. In the “Create new policy” menu, after setting the policy name, selecting the user, I looked for “Microsoft Azure Management” under Target Resource but could not find it. Therefore, I selected the resource “Azure ID Identity Governance” instead, and selected “Require Multifactor authentication” under Grant. However, after logging in with the test account, I wasn’t prompted to register the second factor of authentication. I repeated the test by selecting the resources “Azure Credential configuration endpoint service” and “Office 365” , and “Require multifactor authentication strength” inside Grant, but got the same results.
Then, under Microsoft Entra ID > Users, I found the option “Per-User MFA”, After clicking on “Per-user MFA”, selecting the correct user and clicking “Bulk update”, I was correctly prompted for Multifactor authentication after login.
therefore, I would like to ask the following:
Thanks for your support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
@Francis ,
The Conditional Access team also replied that you can apply the policy for the Microsoft Admin Portals instead. I'm still also waiting for confirmation about the name change though.
Cloud apps, actions, and authentication context in Conditional Access policy | Microsoft Learn
Thanks for your reply. I selected "Microsoft Admin Portals" under Target resources and it works. Specifically, after logging in with the credentials of the test account affected by the policy, I am correctly prompted to register the second factor of authentication.
When you have time, please confirm whether the "Microsoft Azure Management" resource changed name to "Windows Azure Service Management API", and whether you will update the documentation.
Thank you very much for confirming that it worked! I'll also update you when I get confirmation about the name change .
Hi @Francis ,
I checked in my tenant and am seeing the same issue, so I reached out to the Conditional Access team to see if they can confirm whether the name changed.
However, another engineer on my team has an older Conditional Access policy that he created for restricting access to Microsoft Azure Management. In that policy it looks like the cloud app referenced changed to Windows Azure Service Management API.
Additionally, when navigating to the Enterprise Applications list and searching for Windows Azure Service Management, this redirects to the Microsoft Azure Management app.
It looks like the name may have changed to Windows Azure Service Management API.
We are waiting on the Conditional Access team to confirm about this change and will update the thread once we hear back.
Thank you for your post!
As mentioned by Marilee, I was able to reproduce your issue and wasn't able see the Microsoft Azure Management cloud app. However, I did notice that when I went to an older CA policy - one that I created specifically for restricting access to Microsoft Azure Management, the cloud app referenced changed to Windows Azure Service Management API.
Additionally, when navigating to the Enterprise Applications list and searching for Windows Azure Service Management, this redirected me to the Microsoft Azure Management app.
Once we hear back from the CA Policy team regarding this change, we'll update our documentation to help alleviate any future confusion for customers going forward.
Additional Links:
I hope this helps!
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
Thanks for your reply. I don't know if this helps, but when I search for "Windows azure service management" on Microsoft Entra Gallery, I cannot find it (path: Entra ID > Enterprise Applications > New Application > search through the search box):
However, I can select the app under Target Resources (path: Entra ID>Security>Conditional Access>Policies)
Is the absence of the app from Microsoft Entra Gallery due to the fact that Micrsoft Active Directory changed to Microsoft Entra ID? Is it an error?