Upcoming Conditional Access change: Improved enforcement for policies with resource exclusions

We’re strengthening how Microsoft Entra Conditional Access is enforced for a narrow set of authentication flows to improve your security posture.

In alignment with Microsoft’s Secure Future Initiative, we are taking the following proactive security measures for defense-in-depth. Please review the changes and take any required actions to prepar...

Updated Jan 28, 2026

Version 2.0

Swaroop Krishnamurthy

Microsoft

Joined July 06, 2017

View Profile

Microsoft Entra Blog

Stay informed on how to secure access for any identity to any resource, anywhere, with comprehensive identity and network access solutions powered by AI.

Visit the homepage

pfasser

Brass Contributor

Feb 23, 2026

Hello all, in AVD environment you need to disable MFA for the storage account used for profile management: https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-hybrid-identities-enable?tabs=azure-portal%2Cintune#disable-multifactor-authentication-on-the-storage-account

When you are configuring the storage file setup, it automatically creates the Entra application with the following API permission:

How is this change affecting the profile management service?

Blog Post

Upcoming Conditional Access change: Improved enforcement for policies with resource exclusions

We’re strengthening how Microsoft Entra Conditional Access is enforced for a narrow set of authentication flows to improve your security posture.