Forum Discussion
WF-PHG
Oct 03, 2025Occasional Reader
CA policy Application not found in Target Resources
Hi, We have a CA policy for some external users (users created in AD and synked to Entra ID) that block access to everything in M365 except Azure Virtual Desktop (Resource ID: 9cdead84-a844-4324-93f...
Kidd_Ip
Oct 04, 2025MVP
May consider the following as workarounds:
1. Use the “All Cloud Apps” Targeting
- Temporarily switch your CA policy to target “All cloud apps” and then use the “What If” tool in Entra ID to simulate sign-ins and identify which policies are triggered by the Windows 365 Portal.
- This helps confirm whether the app is being blocked due to missing targeting or session controls.
2. Manually Add the App ID via PowerShell or Graph API
- If the Entra UI doesn’t expose the app, you can manually add the Application ID (3b511579-5e00-46e1-a89e-a6f0870e2f5a) to your CA policy using Microsoft Graph API or PowerShell.
- This allows you to explicitly include or exclude the Windows 365 Portal even if it’s not visible in the UI.
3. Use the Installed Windows App Instead
- As a temporary workaround, instruct external users to use the installed Windows App rather than the web interface, since it correctly maps to the AVD resource ID already allowed in your CA policy.