Conditional Access for app registrations with custom security attribute

Copper Contributor

Hi everyone,

I recently registered two applications in my Entra ID, both configurations are similar, they are mobile and desktop app and allow public client flows. The difference is I tag one of the application with custom security attribute, the purpose is exempt this application from Conditional Access MFA policy.


After I only exclude the apps with the custom security attribute, my both applications are all exempt from the CA Policy unexpectedly. 


I checked the sign-in logs and it said both my registered applications are not applying any CA Policy, and I wonder to find out the cause because I don’t apply the custom security attribute to the other app.


Any idea is appreciated! Thank you.

3 Replies
This feature is still in preview, so I expect some issues might be expected. Can you share the CA configuration/filter used?
Just did some tests on my own, and it looks like the service sometimes fails to process the application condition correctly. The joys of playing with preview functionality :)