Just in Time registration and compliance Remediation for iOS/iPadOS with Microsoft Intune

Intune_Support_Team We currently use this device feature policy using the SSO App Extension Type = MS Azure AD for 3rd party SaaS apps.  The way I understood it was that adding 3rd party bundleids to this configuration aids in SSO by pulling the user creds from Authenticator, which in most cases seems to work.  However, if I want to create another duplicate policy with different bundleids, the policy always shows as an deployment error.  I'm assuming this is because you can't create two Device Feature > Single Sign On App Extension policies and assign them to the same user group or device group.

So in this case, if my assumption is true, how would we go about keeping a SSO App Extensions policy #1 (for 3rd party apps) and deploy another SSO App Extension policy #2 (for MS apps) including the device registration key/value pairs to the same user/device groups?

Can you please let me know if it is possible to assign multiple SSO App Extension policies to the same user/device groups, i.e. basically all supervised devices?  So far I have only seen the policies showing errors when this was attempted in the past.