Conditional Access - App Exclusion not working when All Apps are included

Eunice 41 Reputation points
2025-04-08T06:32:08.3466667+00:00

Hi, I'm trying to configure a Conditional Access Policy which would block all apps except one app (excluded). When I include All Cloud Apps, indicate that one particular app under Exclude, and set the Access Control to Block, it still blocks the excluded app. Can I check how to configure it correctly?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Answer accepted by question author

Anonymous
2025-04-09T02:57:19.14+00:00

@Eunice

Issue: Conditional Access - App Exclusion not working when All Apps are included

As we discussed over the call, the policy which was configured earlier was a "Block Policy" where all cloud apps were included and one app was excluded.

According to testing, users who attempted to visit the one app in their browser were blocked, which is a normal occurrence; it's a by-design feature. As we saw, it's calling Microsoft Graph. Therefore, in order to enable access to the one app which was excluded, you need to modify the policy: instead of a block policy, you can set up a grant policy which requires double security. This is a result of a policy's effect, since certain cloud apps have service dependencies, or dependencies on other cloud apps: Service-dependencies

As an alternative, we suggested that you create a grant CA policy which includes Office 365 and excludes that one app which we saw, and it's working now.

If you wish you may upvote the feedback in the below forum requesting this feature. All the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.

Ideas · Community

I hope this clarifies things.

Please remember to "Accept Answer", so that others in the community facing similar issues can easily find the answers.

1 person found this answer helpful.
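
The policy shape discussed in this thread can be checked for mechanically. The following Python audit is an added example, not part of the answer above and not Microsoft's code: it flags a block policy that includes all cloud apps and relies on an exclusion, which is the case where the excluded app was still blocked because it calls Microsoft Graph. The policy bodies are constructed samples using Microsoft Graph `conditionalAccessPolicy` field names; the app ID is a placeholder, and reading "double security" as the `mfa` control is an assumption.

```python
# Added example. Policy bodies use Microsoft Graph conditionalAccessPolicy field names.
EXCLUDED_APP_ID = "00000000-0000-0000-0000-000000000000"  # placeholder, not from the thread


def make_policy(name, include_apps, controls):
    """Build a constructed policy body scoped to all users with one excluded app."""
    return {
        "displayName": name,
        "state": "enabledForReportingButNotEnforced",  # report-only while testing
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {
                "includeApplications": include_apps,
                "excludeApplications": [EXCLUDED_APP_ID],
            },
        },
        "grantControls": {"operator": "OR", "builtInControls": controls},
    }


# Constructed sample 1: the original design, block all cloud apps except one.
BLOCK_ALL_EXCEPT_ONE = make_policy("Block all except one", ["All"], ["block"])
# Constructed sample 2: the alternative from the answer, a grant policy on Office 365.
# "mfa" is an assumed reading of "double security".
GRANT_OFFICE365 = make_policy("Require MFA for Office 365", ["Office365"], ["mfa"])


def exclusions_at_risk(policy):
    """Return excluded app IDs that may still be blocked through service dependencies.

    A block policy that includes "All" also covers resources the excluded app
    calls (Microsoft Graph in this thread), so the exclusion alone does not
    guarantee access.
    """
    if policy.get("state") == "disabled":
        return []
    apps = policy.get("conditions", {}).get("applications", {})
    controls = (policy.get("grantControls") or {}).get("builtInControls", [])
    if "block" in controls and "All" in apps.get("includeApplications", []):
        return list(apps.get("excludeApplications", []))
    return []


def audit(policies):
    """Map policy display name to at-risk exclusions, omitting clean policies."""
    findings = {p["displayName"]: exclusions_at_risk(p) for p in policies}
    return {name: ids for name, ids in findings.items() if ids}


if __name__ == "__main__":
    print(audit([BLOCK_ALL_EXCEPT_ONE, GRANT_OFFICE365]))
```

A flagged exclusion is a prompt to test sign-in to that app in report-only mode before enforcing the policy.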