Conditional Access policy is broken.

Question

Hi

Intro : Recently we have added an application in Enterprise app, its a custom application build by DevOps ( Powerapps Wrapper mobile APK). We have ADFS and P2 AAD license.

Issue : We have conditional access policy that allow the user to login in the app mentioned in the target resource. We are unable to add that app in the CA policy, The search come empty when i insert app ID , Object ID , App name.

In sign logs it is confirm its the same policy which is failing , i tried to add that app in any random CA policy but same behavior.

User Side : When user try to login , its show them its not satisfying the conditional and press OK. When they press OK they are being logged in application .

Wierdest issue right ?

Answer 1

Hi @Mohammed Altamash Khan

Thanks for reaching out to Microsoft Q&A.

Regarding the first issue, where an application is not listed in the CA Policy target, there's a limitation for Public / Native clients as this type of client won't be available for you when configuring the policy. The document below outlines that information so, if possible, make sure that the application is registered as a Web App in Entra

https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-cloud-apps#other-applications

About the user behavior, we'd need to check exactly what's the CA that it's failing and its reason. Even though you were not able to configure your application there might be another setting on the CA affecting the user experience.

If you haven't done it already, check the properties as in the example below of the failing CA to check what exactly is making the CA to fail

Let me know if you have further questions.

Thanks,

Fabio