Conditional Access policy is broken.

Mohammed Altamash Khan 2,161 Reputation points
2024-09-23T16:28:06.0833333+00:00

Hi

Intro: Recently we added an application in Enterprise apps; it's a custom application built by DevOps (PowerApps wrapper mobile APK). We have ADFS and a P2 AAD license.

Issue: We have a Conditional Access policy that allows the user to log in to the app mentioned in the target resource. We are unable to add that app to the CA policy. The search comes up empty when I enter the app ID, object ID, or app name.

In the sign-in logs it is confirmed that it's the same policy which is failing. I tried to add that app to any random CA policy, but got the same behavior.

User side: When a user tries to log in, it shows them it's not satisfying the conditional, and they press OK. When they press OK, they are logged in to the application.

Weirdest issue, right?


1 answer

  1. Fabio Andrade 1,660 Reputation points Microsoft Employee
    2024-09-23T23:54:57.5866667+00:00

    Hi @Mohammed Altamash Khan

    Thanks for reaching out to Microsoft Q&A.

    Regarding the first issue, where an application is not listed in the CA policy target: there's a limitation for public / native clients, as this type of client won't be available to you when configuring the policy. The document below outlines that information, so, if possible, make sure that the application is registered as a Web App in Entra.

    https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-cloud-apps#other-applications


    About the user behavior, we'd need to check exactly which CA is failing and the reason. Even though you were not able to configure your application, there might be another setting on the CA affecting the user experience.

    If you haven't done it already, check the properties of the failing CA, as in the example below, to see what exactly is making the CA fail.


    Let me know if you have further questions.

    Thanks,

    Fabio

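The check the answer describes (finding which Conditional Access policy failed on a sign-in, and why) can also be run over exported sign-in logs. This is an added example, not part of the original thread or Microsoft's own code; it assumes a JSON export shaped like Microsoft Graph signIn records, and the sample records, app ID, policy names and control values are constructed.

```python
import json

# Constructed sample shaped like Microsoft Graph signIn records
# (auditLogs/signIns); every name, ID and value is a placeholder.
APP_ID = "00000000-0000-0000-0000-000000000001"
SAMPLE_EXPORT = json.dumps([
    {"createdDateTime": "2024-09-23T15:01:12Z", "userPrincipalName": "user1@example.com",
     "appId": APP_ID, "resourceDisplayName": "Example Resource API",
     "conditionalAccessStatus": "failure", "status": {"errorCode": 53003},
     "appliedConditionalAccessPolicies": [
         {"displayName": "Example: approved apps only", "result": "failure",
          "enforcedGrantControls": ["Block"]},
         {"displayName": "Example: require MFA", "result": "notApplied",
          "enforcedGrantControls": []}]},
    {"createdDateTime": "2024-09-23T15:04:40Z", "userPrincipalName": "user2@example.com",
     "appId": APP_ID, "resourceDisplayName": "Example Resource API",
     "conditionalAccessStatus": "success", "status": {"errorCode": 0},
     "appliedConditionalAccessPolicies": [
         {"displayName": "Example: compliant device",
          "result": "reportOnlyFailure",
          "enforcedGrantControls": ["RequireCompliantDevice"]}]},
])

def failing_policies(export_json, app_id):
    """List every CA policy that evaluated to a failure for sign-ins by app_id."""
    findings = []
    for signin in json.loads(export_json):
        if signin.get("appId") != app_id:
            continue
        for policy in signin.get("appliedConditionalAccessPolicies") or []:
            result = policy.get("result")
            if result not in ("failure", "reportOnlyFailure"):
                continue  # skip success, notApplied, notEnabled, ...
            findings.append({
                "time": signin.get("createdDateTime"),
                "user": signin.get("userPrincipalName"),
                "resource": signin.get("resourceDisplayName"),
                "policy": policy.get("displayName"),
                "result": result,
                # Only "failure" is enforced; report-only results are just logged.
                "enforced": result == "failure",
                "controls": policy.get("enforcedGrantControls") or [],
                "error_code": (signin.get("status") or {}).get("errorCode"),
            })
    return findings

if __name__ == "__main__":
    for finding in failing_policies(SAMPLE_EXPORT, APP_ID):
        print(finding)
```

The `resource` field is included because the policy target is matched against the resource being accessed, which helps when the client app itself cannot be selected in the policy.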
