Conditional Access with Azure Registered App

Jamie Brandwood 6 Reputation points
2020-04-05T23:44:36.753+00:00

Is there a way to restrict access to an Azure AD registered application based on IP address or location when the said application is using a client secret because of its use as a Windows Service, for example, so there is no underlying user to pass credentials?

This would mean there is no username passed to Azure AD in order to evaluate against a conditional access policy?

Has anyone else seen this scenario or have a solution for it? Is there even a solution?


1 answer

AmanpreetSingh-MSFT 55,231 Reputation points
2020-04-06T06:53:07.1+00:00

@Jamie Brandwood A Conditional Access policy cannot be applied if you are requesting a token under the application context, i.e., using client credentials.

There is active feedback regarding this feature here: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/37867180-restricting-access-of-azure-service-principals-u. Please vote there, as this is monitored by the MS product team, and features are added to Azure based on the popularity of the idea.

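Since Conditional Access does not evaluate client-credential token requests, one compensating control is to review the service principal sign-in logs for tokens issued from outside the network ranges the Windows Service is expected to run in. The Python below is an added example, not code from the original post or from Microsoft; the record field names, app ids and allow-list are assumptions, and the log lines are constructed.

```python
import ipaddress
import json

# Constructed sample of Azure AD service principal sign-in records (JSON lines).
# The field names mirror the Graph servicePrincipalSignIns resource but are an
# assumption for this example, not taken from the original page.
SAMPLE_LOG = """\
{"createdDateTime":"2020-04-06T06:00:01Z","servicePrincipalName":"billing-svc","appId":"00000000-0000-0000-0000-000000000001","ipAddress":"203.0.113.10","status":{"errorCode":0}}
{"createdDateTime":"2020-04-06T06:05:44Z","servicePrincipalName":"billing-svc","appId":"00000000-0000-0000-0000-000000000001","ipAddress":"198.51.100.7","status":{"errorCode":0}}
{"createdDateTime":"2020-04-06T06:06:02Z","servicePrincipalName":"billing-svc","appId":"00000000-0000-0000-0000-000000000001","ipAddress":"198.51.100.7","status":{"errorCode":7000215}}
{"createdDateTime":"2020-04-06T06:10:30Z","servicePrincipalName":"report-svc","appId":"00000000-0000-0000-0000-000000000002","ipAddress":"203.0.113.50","status":{"errorCode":0}}
"""

# Hypothetical allow-list: the egress ranges each client-credential app (keyed by
# appId) is expected to call Azure AD from, e.g. the host running the Windows Service.
ALLOWED_RANGES = {
    "00000000-0000-0000-0000-000000000001": ["203.0.113.0/24", "2001:db8::/32"],
}


def parse_log(text):
    """Parse JSON-lines sign-in records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def ip_allowed(ip, ranges):
    """True if ip falls inside any CIDR in ranges (IPv4 or IPv6)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r, strict=False) for r in ranges)


def find_violations(records, allowed=ALLOWED_RANGES):
    """Return successful service principal sign-ins that Conditional Access could
    not have blocked: a token was issued (errorCode 0) from an IP outside the
    app's allow-list, or for an app that has no allow-list at all."""
    violations = []
    for rec in records:
        if rec.get("status", {}).get("errorCode", 0) != 0:
            continue  # no token was issued; only successful sign-ins are flagged
        ranges = allowed.get(rec["appId"])
        if ranges is None:
            reason = "no allow-list for app"
        elif not ip_allowed(rec["ipAddress"], ranges):
            reason = "ip outside allow-list"
        else:
            continue
        violations.append((rec["createdDateTime"], rec["servicePrincipalName"],
                           rec["ipAddress"], reason))
    return violations


if __name__ == "__main__":
    for v in find_violations(parse_log(SAMPLE_LOG)):
        print(*v)
```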