Forum Discussion

shockotechcom
Iron Contributor
Oct 08, 2020
Solved

App Registrations and Conditional Access

This might be a dumb question but why do conditional access policies not apply to entities accessing AzureAD via an app registration? We are building some automation scripts to run in our DataCentre as per this guide. Security teams have been asking how to lock down script access so that AzureAD only accepts connection from our DataCentre. If this was an AzureAD user we could do this via conditional access but it's not.

3 Replies

  • Not sure what kind of answer you are expecting here; app logins simply aren't supported for CA. On the positive side, Microsoft just started surfacing login events for such scenarios, so hopefully CA will follow soon.

    •
      shockotechcom
      Iron Contributor

      Thanks VasilMichev. I guess I am asking 'Why are they not supported'? It seems like having a simple IP restriction capability against them is highly desirable. I know app registrations are available on the free tier and conditional access is not. Perhaps that is one driver behind the scenes (who knows).

      I guess a clientID/Secret combination or clientID/Cert is difficult to brute force?

      •
        VasilMichev
        MVP

        That's something only Microsoft can answer. But the reality is that you cannot limit logins, at least for the time being.
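
Since the replies above conclude that Conditional Access cannot block app (service principal) sign-ins, the practical compensating control is to watch the service principal sign-in events VasilMichev mentions and alert on any that originate outside the datacentre's egress ranges. The Python below is an added example written for this page, not code from the thread or from Microsoft: it runs over constructed sample records whose field names (createdDateTime, appId, servicePrincipalName, ipAddress) follow the shape of the Microsoft Graph signIn resource; the app IDs and IP ranges are invented placeholders, and in a real deployment the records would come from the tenant's sign-in log export rather than the inline JSON. Note that this detects out-of-range sign-ins after the fact; it does not prevent them, which is the thread's point.

```python
"""Flag Azure AD service principal sign-ins from outside an IP allow-list.

Added example for this forum page (not the thread's code, not Microsoft's).
Record field names are assumed to follow the Microsoft Graph signIn resource;
app IDs and network ranges are invented placeholders.
"""
import ipaddress
import json
from typing import Iterable, List, Optional, Set

# Constructed sample sign-in records (not real tenant data). The last record
# has no ipAddress at all, which the checker treats as a finding (fail closed).
SAMPLE_SIGNINS = json.dumps([
    {"createdDateTime": "2020-10-08T09:12:31Z",
     "appId": "a1b2c3d4-0000-4000-8000-000000000001",
     "servicePrincipalName": "dc-automation",
     "ipAddress": "203.0.113.25"},
    {"createdDateTime": "2020-10-08T09:40:02Z",
     "appId": "a1b2c3d4-0000-4000-8000-000000000001",
     "servicePrincipalName": "dc-automation",
     "ipAddress": "203.0.113.77"},
    {"createdDateTime": "2020-10-08T22:05:48Z",
     "appId": "a1b2c3d4-0000-4000-8000-000000000001",
     "servicePrincipalName": "dc-automation",
     "ipAddress": "198.51.100.9"},
    {"createdDateTime": "2020-10-09T01:17:15Z",
     "appId": "a1b2c3d4-0000-4000-8000-000000000001",
     "servicePrincipalName": "dc-automation",
     "ipAddress": "2001:db8:1::42"},
    {"createdDateTime": "2020-10-09T03:00:00Z",
     "appId": "a1b2c3d4-0000-4000-8000-000000000002",
     "servicePrincipalName": "other-app",
     "ipAddress": "198.51.100.200"},
    {"createdDateTime": "2020-10-09T04:30:10Z",
     "appId": "a1b2c3d4-0000-4000-8000-000000000001",
     "servicePrincipalName": "dc-automation"},
])

# Assumed datacentre egress ranges (placeholder documentation prefixes).
DATACENTRE_CIDRS = ["203.0.113.0/24", "2001:db8:1::/48"]


def parse_networks(cidrs: Iterable[str]) -> List[ipaddress._BaseNetwork]:
    """Parse CIDR strings into network objects (IPv4 and IPv6 both accepted)."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def ip_in_networks(ip_text: str, networks: Iterable[ipaddress._BaseNetwork]) -> bool:
    """Return True only if ip_text parses and lies inside some allowed network.

    Empty or malformed addresses return False so they surface as findings
    rather than silently passing.
    """
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(addr in net for net in networks)


def find_unexpected_signins(signins_json: str,
                            allowed_cidrs: Iterable[str],
                            watched_app_ids: Optional[Set[str]] = None) -> List[dict]:
    """Return one finding per sign-in whose source IP is outside allowed_cidrs.

    If watched_app_ids is given, only sign-ins by those app registrations are
    checked; otherwise every record is checked.
    """
    networks = parse_networks(allowed_cidrs)
    findings = []
    for rec in json.loads(signins_json):
        if watched_app_ids and rec.get("appId") not in watched_app_ids:
            continue
        ip_text = rec.get("ipAddress", "")
        if not ip_in_networks(ip_text, networks):
            findings.append({
                "time": rec.get("createdDateTime"),
                "app": rec.get("servicePrincipalName"),
                "appId": rec.get("appId"),
                "ip": ip_text,
            })
    return findings


if __name__ == "__main__":
    watched = {"a1b2c3d4-0000-4000-8000-000000000001"}
    for finding in find_unexpected_signins(SAMPLE_SIGNINS, DATACENTRE_CIDRS, watched):
        print("ALERT: {time} {app} ({appId}) signed in from {ip!r}".format(**finding))
```

Restricting the check to the automation app's appId keeps noise down; running it without the filter, as the second assertion in the test does, also catches any other app registration signing in from outside the datacentre, which is usually the more interesting finding.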
