Conditional Access for app registrations with custom security attribute

Question

Hi everyone,I recently registered two applications in my Entra ID, both configurations are similar, they are mobile and desktop app and allow public client flows. The difference is I tag one of the application with custom security attribute, the purpose is exempt this application from Conditional Access MFA policy.&nbsp;After I only exclude the apps with the custom security attribute, my both applications are all exempt from the CA Policy unexpectedly.&nbsp;&nbsp;I checked the sign-in logs and it said both my registered applications are not applying any CA Policy, and I wonder to find out the cause because I don’t apply the custom security attribute to the other app.&nbsp;Any idea is appreciated! Thank you.

vasilmichev · Answer

This feature is still in preview, so I expect some issues might be expected. Can you share the CA configuration/filter used?

gds721 · Answer

VasilMichev&nbsp;Thanks for response.

vasilmichev · Answer

Just did some tests on my own, and it looks like the service sometimes fails to process the application condition correctly. The joys of playing with preview functionality 🙂

nlarsson · Answer

gds721One year later, I'm hit with the same issue. Were you ever able to figure this out?

Forum Discussion

Conditional Access for app registrations with custom security attribute

4 Replies

Resources