Forum Discussion
Security Info blocked by conditional access
- stuffie, Jun 12, 2024, Copper Contributor
JosvanderVaart Sure:
- JosvanderVaart, Jun 12, 2024, Iron Contributor
stuffie If you look at the Conditional Access tab, you can see exactly which CA policy is causing this behavior. Can you take a screenshot of this?
- stuffie, Jun 12, 2024, Copper Contributor
User is blocked by conditional access policy "All Apps - Block for [some group], except MS365".
I'm not sure what you want to accomplish with your question, because I explained this in my original post.
- allesglar, Jun 11, 2024, Copper Contributor
Hello JosvanderVaart,
We have a CA policy in place in which all cloud apps are in scope. If the user accesses from a non-compliant device, the policy blocks the access.
A few cloud apps must be able to be accessed from non-compliant devices and they get excluded from the policy. Those cloud apps also require MFA to access them.
Up to this point all good. The problem is that a user accessing from an unmanaged device (he does not have a managed device) cannot access the security-information page to activate MFA, because the policy gets triggered and he gets blocked.
In the logs the policy gets triggered for a "ghost"-app called "My Sign-in". This app cannot be found and cannot be excluded from the policy.
We have an open case with MS-Support on that and they confirmed this is a known issue and that currently there is no solution. On top of that, many organizations seem to struggle with that; there is an open design request but no confirmed plans for a change.
Really annoying and has cost us lots of time troubleshooting it already.
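
Added example, not part of the thread and not Microsoft's code: a way to list which users are hitting the block described above by filtering exported sign-in records for the "My Sign-in" app. It assumes records shaped like Microsoft Graph signIn objects; the sample records, user names and the function name `registration_blocks` are constructed for illustration, and the policy name is the one quoted in the thread.

```python
# Constructed sample records (not real tenant data), shaped like Microsoft Graph
# signIn objects exported from the Entra sign-in logs.
POLICY = "All Apps - Block for [some group], except MS365"  # name quoted in the thread
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@example.com", "appDisplayName": "My Sign-in",
     "status": {"errorCode": 53003},
     "appliedConditionalAccessPolicies": [
         {"displayName": POLICY, "result": "failure"},
         {"displayName": "Require MFA (constructed name)", "result": "notApplied"}]},
    {"userPrincipalName": "alice@example.com",
     "appDisplayName": "Office 365 Exchange Online",
     "status": {"errorCode": 0},
     "appliedConditionalAccessPolicies": [
         {"displayName": POLICY, "result": "notApplied"}]},
    {"userPrincipalName": "bob@example.com", "appDisplayName": "Constructed HR App",
     "status": {"errorCode": 53003},
     "appliedConditionalAccessPolicies": [
         {"displayName": POLICY, "result": "failure"}]},
    {"userPrincipalName": "carol@example.com", "appDisplayName": "My Sign-in",
     "status": {"errorCode": 0}, "appliedConditionalAccessPolicies": []},
]

BLOCKED_BY_CA = 53003  # sign-in error code: access blocked by Conditional Access


def registration_blocks(signins, app_name="My Sign-in"):
    """Return sorted (user, policy) pairs where a CA policy blocked app_name."""
    hits = set()
    for record in signins:
        if record.get("appDisplayName") != app_name:
            continue
        if record.get("status", {}).get("errorCode") != BLOCKED_BY_CA:
            continue
        # Several policies are evaluated per sign-in; only those whose result
        # is "failure" are the ones that actually denied access.
        for policy in record.get("appliedConditionalAccessPolicies", []):
            if policy.get("result") == "failure":
                hits.add((record["userPrincipalName"], policy["displayName"]))
    return sorted(hits)


if __name__ == "__main__":
    for user, policy in registration_blocks(SAMPLE_SIGNINS):
        print(f"{user} cannot reach security info: blocked by '{policy}'")
```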