Dec 03 2021 07:26 AM
We have a group of users for which we like to limit the applications they can sign in to, using conditional access.
That should be easy with Conditional Access we thought, just block access and exclude the five applications they need. But we ran into an issue with MFA...
The users are unable to set/change their MFA settings because myaccounts.microsoft.com is also blocked and cannot be added as an excluded application.
It is not available in the GUI, and we're unable to add it using the PS/Graph.
Any suggestions on how to solve this? Thanks!
Dec 05 2021 02:33 PM - edited Dec 06 2021 01:41 AM
Good question, had to try it out to see the behavior. Let me know if you find something, I will ask around as well.
@bart_vermeersch I reckon the 'workaround' in the somewhat associated conversation might fix this too. Still I have asked a couple of identity/security experts about this. *update* I can now access myaccount.microsoft.com just not the 'security info' submenu. The app name now being 'My Access' in the block details (previously 'My profile' app blocked).
Dec 07 2021 02:37 AM
Solution@bart_vermeersch I've got replies and it doesn't seem possible, not now at least. When using the 'manual approach' with the apps I could access myaccount.microsoft.com and change the password, but not enter security info, always blocked at "My access" app.
Dec 07 2021 04:20 AM
@ChristianJBergstrom that's a bummer but thank you for asking around!
Dec 07 2021 04:31 AM
Dec 07 2021 02:37 AM
Solution@bart_vermeersch I've got replies and it doesn't seem possible, not now at least. When using the 'manual approach' with the apps I could access myaccount.microsoft.com and change the password, but not enter security info, always blocked at "My access" app.