Exclusion of Copilot App (for O365) from Conditional Access Policies does not work

Hi,

we've built a Conditional Access Policy in EntraID that forces MFA for all Cloud Apps. We want to exclude "Microsoft 365 Copilot"/ "Copilot App" so no Reauthentication is necessary for Copilot in the frame of accessing O365 content. Exclusion has been made for a range of identified Copilot applications that are shown in Sign-in logs.

However, reauthentication still pops up. No other conditional access policy is applied. It's this specific policy that requires reauthentication.

What's the reason why the exclusion does not work? Is there something else necessary to be taken into consideration so the exclusion works fine?

Many thanks in advance!