Forum Discussion
Conditional Access Policies Assignments Logic
Starting to work with conditional access policies. I note that you can create a policy that:
- Only contains a user assignment
- Only contains an application assignment
If I do this though and run the WhatIf tool it never applies to any users/app unless BOTH are configured i.e. I configure the policy to included at least 1 app and 1 user rather that just one or the other. I see from here it states you must configure both of them
So, is there any condition whereby a policy configured with either a user assignment or app assignment would be applicable? Am I missing something? Why can you configure a policy as such if it never applies 😐
shockotechcom You should at least provide a user, an application(or user action) AND a Access control to make a policy work.
If you, for example, would only say: if user X do control MFA, the policy would not work. You have to enter either all cloud apps or separate apps to make it work.
I agree, it should not let you save a policy that is not " complete"
I suggest you create a uservoice to address this: https://microsoftintune.uservoice.com/forums/291681-ideas/filters/hot?category_id=155130-conditional-access
