cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Conditional Access Policy: Only allow access to a limited set of applications

bart vermeersch
Steel Contributor

‎Dec 03 2021 07:26 AM

‎Dec 03 2021 07:26 AM

Conditional Access Policy: Only allow access to a limited set of applications

We have a group of users for which we like to limit the applications they can sign in to, using conditional access.

 

That should be easy with Conditional Access we thought, just block access and exclude the five applications they need. But we ran into an issue with MFA...

 

The users are unable to set/change their MFA settings because myaccounts.microsoft.com is also blocked and cannot be added as an excluded application.

 

It is not available in the GUI, and we're unable to add it using the PS/Graph. 

 

Any suggestions on how to solve this? Thanks! 

Labels:
2,184 Views
1 Like
4 Replies
Reply
4 Replies
ChristianJBergstrom

‎Dec 05 2021 02:33 PM - edited ‎Dec 06 2021 01:41 AM

‎Dec 05 2021 02:33 PM - edited ‎Dec 06 2021 01:41 AM

Re: Conditional Access Policy: Only allow access to a limited set of applications

Good question, had to try it out to see the behavior. Let me know if you find something, I will ask around as well.

 

@bart vermeersch I reckon the 'workaround' in the somewhat associated conversation might fix this too. Still I have asked a couple of identity/security experts about this. *update* I can now access myaccount.microsoft.com just not the 'security info' submenu. The app name now being 'My Access' in the block details (previously 'My profile' app blocked).

1 Like
Reply
best response confirmed by bart vermeersch (Steel Contributor)
ChristianJBergstrom

‎Dec 07 2021 02:37 AM

‎Dec 07 2021 02:37 AM

Solution

Re: Conditional Access Policy: Only allow access to a limited set of applications

@bart vermeersch I've got replies and it doesn't seem possible, not now at least. When using the 'manual approach' with the apps I could access myaccount.microsoft.com and change the password, but not enter security info, always blocked at "My access" app.

0 Likes
Reply
bart vermeersch

‎Dec 07 2021 04:20 AM

‎Dec 07 2021 04:20 AM

Re: Conditional Access Policy: Only allow access to a limited set of applications

@ChristianJBergstrom that's a bummer but thank you for asking around!

1 Like
Reply
ChristianJBergstrom

‎Dec 07 2021 04:31 AM

‎Dec 07 2021 04:31 AM

Re: Conditional Access Policy: Only allow access to a limited set of applications

No worries. Will return and reply if I hear anything else (please do that too). Cheers!
1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by bart vermeersch (Steel Contributor)
ChristianJBergstrom

‎Dec 07 2021 02:37 AM

‎Dec 07 2021 02:37 AM

Solution

Re: Conditional Access Policy: Only allow access to a limited set of applications

@bart vermeersch I've got replies and it doesn't seem possible, not now at least. When using the 'manual approach' with the apps I could access myaccount.microsoft.com and change the password, but not enter security info, always blocked at "My access" app.

View solution in original post

0 Likes
Reply