Forum Discussion
'Microsoft App Access Panel' and Conditional Access with SSPR combined registration bug
Currently, enabling self-service password reset (SSPR) registration enforcement causes the app 'Microsoft App Access Panel' to be added to the login flow of users who have SSPR enabled. This app is n...
CommsGuys1855 is there a case we can reference for the July Workaround. I'm having difficulties getting past the front line(s)
I don't know what the Microsoft method was but I was able to get this working by creating a custom security attribute, assigning it to the access panel object & then adding an exclusion filter in my CA policy to exclude apps that matched the custom attribute. All working now.
Hi Nayem,
Microsoft finally got back to use with the same solution. Not sure why it took them so long (after initially saying it wasn't possible, known issue, by design...). We had to do it for the Microsoft Invitation Acceptance Portal and Microsoft App Access Panel.
- Added attribute set under Custom security attributes
- For that attribute set, I added 2 attributes with predefined values of MicrosoftAppAccessPanel and MicrosoftInvitationAcceptancePortal.
- For each of those 2 Microsoft Enterprise applications, assigned the appropriate security attribute from the attribute set under Custom security attribtues
- In our block CA policy under Exclusions, added a filter for each attribute with the appropriate value and an or.
Scott
