Conditional access policy in reporting mode shows unknownFutureValue

robcool 116 Reputation points
2024-05-21T04:34:15.34+00:00

Hi There,

I have a conditional access policy configured in report-only mode to enforce MFA for device registration. The report-only data shows no hits for report-only success or interrupted state; rather it shows some hits with status as unknownFutureValue.

Request you to please confirm what unknownFutureValue refers to and whether there is anything to consider while enabling the policy, especially for users that have the unknownFutureValue state in reports.

Thanks.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. James Hamil 22,876 Reputation points Microsoft Employee
    2024-05-22T21:11:57.83+00:00

    Hi @robcool, the "unknownFutureValue" status in the report-only data for a conditional access policy indicates that the policy was evaluated, but the result is not one of the four possible values defined by Azure AD. This can happen if the policy includes conditions or controls that are not yet supported by the report-only mode.

    In general, you don't need to be concerned about the "unknownFutureValue" status in the report-only data, as it does not indicate a failure or security issue. However, if you see a large number of hits with this status, it may be worth reviewing the policy to ensure that it is configured correctly and that all conditions and controls are supported in report-only mode.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James
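For the review step suggested in the answer above, this added example (not part of the thread and not Microsoft's code) tallies one policy's results from an exported sign-in log and lists the users whose hits came back as unknownFutureValue. The policy name, user names and sample records are constructed; the field names assume the Microsoft Graph signIn record shape.

```python
import json
from collections import Counter

POLICY = "Require MFA to register devices"  # hypothetical policy display name

# Constructed sample in the shape of Microsoft Graph signIn records; not real log data.
SAMPLE_EXPORT = json.dumps([
    {"userPrincipalName": "alice@contoso.example",
     "appliedConditionalAccessPolicies": [{"displayName": POLICY, "result": "unknownFutureValue"}]},
    {"userPrincipalName": "alice@contoso.example",
     "appliedConditionalAccessPolicies": [{"displayName": POLICY, "result": "unknownFutureValue"}]},
    {"userPrincipalName": "bob@contoso.example",
     "appliedConditionalAccessPolicies": [{"displayName": POLICY, "result": "reportOnlyInterrupted"}]},
    {"userPrincipalName": "carol@contoso.example",
     "appliedConditionalAccessPolicies": [
         {"displayName": POLICY, "result": "unknownFutureValue"},
         {"displayName": "Block legacy authentication", "result": "notApplied"}]},
    {"userPrincipalName": "dave@contoso.example", "appliedConditionalAccessPolicies": None},
])

# Report-only outcomes of the Graph appliedConditionalAccessPolicy result enum.
# They are evolvable enum members: a Graph request sent without the header
# "Prefer: include-unknown-enum-members" receives unknownFutureValue in their place.
REPORT_ONLY = {"reportOnlySuccess", "reportOnlyFailure",
               "reportOnlyNotApplied", "reportOnlyInterrupted"}

def summarize(export_json, policy_name):
    """Return (result counts, unknownFutureValue hits per user,
    share of the policy's hits that carry a concrete report-only outcome)."""
    counts, unresolved = Counter(), Counter()
    for signin in json.loads(export_json):
        # The policy list can be missing or null on some records.
        for pol in signin.get("appliedConditionalAccessPolicies") or []:
            if pol.get("displayName") != policy_name:
                continue
            result = pol.get("result") or "unknown"
            counts[result] += 1
            if result == "unknownFutureValue":
                unresolved[signin.get("userPrincipalName", "<no UPN>")] += 1
    total = sum(counts.values())
    resolved = sum(n for r, n in counts.items() if r in REPORT_ONLY)
    return dict(counts), dict(unresolved), (resolved / total if total else 0.0)

if __name__ == "__main__":
    counts, unresolved, share = summarize(SAMPLE_EXPORT, POLICY)
    print("results:", counts)
    print("users to review before enforcing:", sorted(unresolved))
    print(f"hits with a concrete report-only outcome: {share:.0%}")
```

A low share of concrete report-only outcomes means the report does not yet show how those users would be affected once the policy is switched from report-only to on.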