How to Exclude Dynaway CMMS from Conditional Access Policies?

Question

Our organization currently has conditional access policies set up that require users to authenticate using MFA when signing in.

We were attempting to exclude a specific app called Dynaway (a CMMS app that works with Dynamics 365) from conditional access so that users signing in aren't prompted to authenticate. But even after adding Dynaway to the list of excluded apps from Conditional Access in Azure, users signing in are still being prompted to authenticate.

After reaching out to Microsoft Support, we worked with a technician on troubleshooting this issue. And eventually they confirmed that this app can't be excluded because either this app or it's dependencies are first-party from Conditional Access.

We are wondering if there may be another way for us to prevent this application from prompting users to authenticate when signing in.

Answer 1

Hello @Joseph Grady,

Thank you for posting your query on Microsoft Q&A.

Based on your description, it appears that you're attempting to exclude Dynaway CMMS from Conditional Access Policies. However, due to its service dependency on first-party applications, the application is still being affected by the Conditional Access policy.

To determine if there is an alternative way to exclude your application from the policy, we need to examine the application's configuration in your tenant. Reviewing the sign-in log details will help us identify whether the policy is being applied due to service dependencies.

Or else you can try doing it through assigning custom security attribute to your application and excluded the custom security attribute values from the CA policy just to understand if that helps in this situation.

Add or deactivate custom security attribute definitions in Microsoft Entra ID

Assign custom security attributes to an application

Filter custom security attributes via conditional access policy

Thanks,
Raja Pothuraju.