Nitika Gupta,
Any thoughts around allowing the Microsoft Authenticator App (AppID: 4813382a-8fa7-425e-ab75-3b753aab3abb) selective targeting via conditional access? Working for a large corp. and forcing an app protection policy by default to all apps for BYOD scenarios with iOS / Android. The issue is that the CA policy blocks sign-in from the authenticator app because it doesn't support an app protection policy, and there is no way to exclude it from what I can tell. Using the cross-device setup by scanning a QR code from a PC works, but signing in directly from the authenticator app doesn't. This is the case for setting up a passkey like above, but also for registering MFA directly from the device.
It's a pretty big limitation not being able to target the authenticator app given that for BYOD scenarios, we want to block most apps by default and selectively allow only things that support an app protection policy. If I could just exclude the authenticator app, life would be much easier.
I also submitted this here about 3 months ago and haven't heard anything: https://feedback.azure.com/d365community/idea/79700c7f-fd48-ef11-b4ac-000d3a7b1c7e