Forum Discussion

WF-PHG's avatar
WF-PHG
Occasional Reader
Oct 03, 2025

CA policy Application not found in Target Resources

Hi, We have a CA policy for some external users (users created in AD and synked to Entra ID) that block access to everything in M365 except Azure Virtual Desktop (Resource ID: 9cdead84-a844-4324-93f...
Kidd_Ip's avatar
Kidd_Ip
MVP
Oct 04, 2025

May consider the following as workarounds:

 

1. Use the “All Cloud Apps” Targeting

  • Temporarily switch your CA policy to target “All cloud apps” and then use the “What If” tool in Entra ID to simulate sign-ins and identify which policies are triggered by the Windows 365 Portal.
  • This helps confirm whether the app is being blocked due to missing targeting or session controls.

2. Manually Add the App ID via PowerShell or Graph API

  • If the Entra UI doesn’t expose the app, you can manually add the Application ID (3b511579-5e00-46e1-a89e-a6f0870e2f5a) to your CA policy using Microsoft Graph API or PowerShell.
  • This allows you to explicitly include or exclude the Windows 365 Portal even if it’s not visible in the UI.

3. Use the Installed Windows App Instead

  • As a temporary workaround, instruct external users to use the installed Windows App rather than the web interface, since it correctly maps to the AVD resource ID already allowed in your CA policy.

Resources