Forum Discussion

stuffie's avatar
stuffie
Copper Contributor
Mar 12, 2024

Security Info blocked by conditional access

Hello, We have a conditional access policy in place where a specific group can only access Microsoft 365 (deny all apps, except Office 365). The moment a user clicks on Security Info in My Account...
Azure Active Directory (AAD)
Conditional Access
MFA
  • allesglar's avatar
    allesglar
    Jun 11, 2024

    Hello JosvanderVaart,

    we have a ca-policy in place in which all cloud apps are in scope. If the user accesses from a non-compliant device the policy blocks the access.

    A few cloud apps must be able to be accessed from non-compliant devices and they get excluded from the policy. Those cloud apps also require MFA to access them.

    Until this point all good. The problem is that a user accessing from an unmanaged device (he does not have a managed device) he cannot access the security-information page to activate MFA because the policy gets triggered and he gets blocked. 

    In the logs the policy gets triggered for a "ghost"-app called "My Sign-in". This app cannot be found and cannot be excluded from the policy.

     

    We have an open case with MS-Support on that and they confirmed this is a known issue and that currently there is no solution. On top many organizations seem to struggle with that, there is an open design request but no confirmed plans for a change.

     

    Really annoying and has cost us lots of time troubleshooting it already.

gbs916's avatar
gbs916
Copper Contributor
Aug 27, 2024
+1 Exactly the same issue ! Please MS, do something !

Resources