![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 97%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELC%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
24,635 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 28.999999999999996%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDM%3C/text%3E%3C/svg%3E)
Hi Loïc,
Thank you for posting your query on Microsoft Q&A!
You can safely ignore this message "Exclude at least one account to prevent yourself from being locked out. If you don't exclude any account, you won't be able to create this policy."
Since you are targetting only legacy clients then you will not be blocked from logging into the Entra ID portal, so in the event you need to add exclusions at a later time, you can simply modify the Conditional Access policy.
I will make a request to remove that message from our document.
Let me know if you have any further queries, I would be happy to help!
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.