Forum Discussion
Token Protection Conditional access policy is blocking access to PowerShell Modules.
Hi Everyone,
Recently we have started implementing Microsoft token protection via CAP.
We have created the policy based on the Microsoft documentation: https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-token-protection
Everything is working fine for regular users, but for our admin accounts that require access to Powershell modules, they get this error when trying to access:
I've confirmed this is linked to the token protection policy and no other policy is causing this behavior.
The policy is configured in the following way:
My question here is: How can I keep our admin accounts included on this policy without affecting Powershell access?
Thank you for your help.
1 Reply
Token protection only supports Exchange PowerShell module version 3.7.0 or newer and Microsoft Graph PowerShell version 2.0.0 or newer with EnableLoginByWAM option
Are your admins using these and are being blocked?
How Token Protection Enhances Conditional Access Policies - Microsoft Entra ID | Microsoft Learn
