Forum Discussion
Conditional Access blocks access to AAD Management portal
Hey guys, I know the basics.
But the main question is: why can I access the main Azure portal itself, where CA is not blocking, but when I try to access the AAD management pane, CA is blocking?
I would like to know why, while both 'applications' are accessed/protected via the 'Microsoft Azure Management' cloud app, the result is not the same.
If you check the fail and success log I attached, you can see the Application and Resource are the same.
- Dec 05, 2021
Hi, I can actually reproduce the exact dumps you attached when using the "whitelist approach", i.e. 'block all cloud apps, except' and only adding a few (incl. Azure Management app). No other policies on the test user. Let me know if you stumble across something you've previously overlooked, thanks.
- Jonhed, Dec 06, 2021 (Steel Contributor)
Have you selected "All cloud apps" in the first block rule?
If so, what happens if you edit the rule to block only the cloud apps that are selectable in the list?
As is mentioned in the documents below, not all Azure services are onboarded for conditional access, so maybe there is some backend service that is required to access Azure AD, that is currently being blocked?
One would think that the service in question would show up in the sign-in logs as being blocked though.
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps
- Bernard_Semplicita, Dec 06, 2021 (Copper Contributor)
Jonhed
Manually selecting all cloud apps, instead of 'All cloud apps', does work. I also noticed it is not just the AAD management portal being blocked; the Endpoint Manager portal is also blocked when I use the default option 'All cloud apps'. When manually selecting the apps, this portal is also available again.