Do Bootstrap Services such as OCaaS Question
I understand that bootstrap services bypass conditional access policies to run uninterrupted. However, I am wondering when this service should be seen in the logs with a successful login. For example, if someone attempts to log in to Outlook mobile but is blocked by a country CA Policy would there ever be a noninteractive login for OCaaS after that? Or Would OCaaS only run once a successful authentication on a device/application has been made?
Scenario, an interactive login from Russia failed for conditional access policy multiple times but was later observed as a noninteractive login with resource OCaaS and was successful. In this scenario would that mean that at one point in time that device had a successful interactive login or would that bootstrap service run even if it was a new authentication, blocked etc.?