Microsoft Tech Community

Conditional Access Applications


When I review the applications in Conditional Access Overview, I see under Users without coverage Microsoft Authentication Broker with most employees listed (i.e., 33 out of 33). Most statuses are Success but Conditional Access shows Not Applied.

 

Is this a normal behavior or am I missing something under Policy?

 

I have a Policy - Require MFA for internal users (admins not included) - Basic where the Control selected is Required multifactor authentication. We have all users using the Microsoft Authenticator app.
4 Replies

@bfry2461 This is a normal behavior. The Microsoft Authentication Broker facilitates the SSO across a bunch of different services and apps. It handles token exchange so you don't have repeated authentication. Some devices have it built into the operating system while others like macOS or iOS have the Microsoft Authenticator to use instead.

 

A "success" status with conditional access as "not applied" is also normal because the broker has enabled SSO. It's always a good idea to review your conditional access policies and check for any exclusion or bypass rules that you may have set. It's likely you've done something like this, but it doesn't hurt to review it on a regular basis.

 

Hope this helps.

 

G.
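One way to do the periodic review mentioned above against an exported sign-in log, as an added example that is not part of the original thread. It assumes the records use the Microsoft Graph `signIn` field names; the sample records, the `contoso.example` domain and the function name are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample records (not real log data), shaped like Microsoft Graph
# signIn objects: appDisplayName, userPrincipalName, status.errorCode,
# conditionalAccessStatus.
SAMPLE_SIGNINS = json.loads("""
[
 {"userPrincipalName": "alice@contoso.example", "appDisplayName": "Microsoft Authentication Broker",
  "status": {"errorCode": 0}, "conditionalAccessStatus": "notApplied"},
 {"userPrincipalName": "bob@contoso.example", "appDisplayName": "Microsoft Authentication Broker",
  "status": {"errorCode": 0}, "conditionalAccessStatus": "notApplied"},
 {"userPrincipalName": "carol@contoso.example", "appDisplayName": "Microsoft Authentication Broker",
  "status": {"errorCode": 50126}, "conditionalAccessStatus": "notApplied"},
 {"userPrincipalName": "alice@contoso.example", "appDisplayName": "Office 365 Exchange Online",
  "status": {"errorCode": 0}, "conditionalAccessStatus": "success"},
 {"userPrincipalName": "Bob@contoso.example", "appDisplayName": "Office 365 Exchange Online",
  "status": {"errorCode": 0}, "conditionalAccessStatus": "notApplied"},
 {"userPrincipalName": "bob@contoso.example", "appDisplayName": "Office 365 Exchange Online",
  "status": {"errorCode": 0}, "conditionalAccessStatus": "success"}
]
""")


def coverage_by_app(signins):
    """Per app, split users with successful sign-ins into those who had a
    Conditional Access policy applied at least once and those who never did."""
    seen = defaultdict(set)
    covered = defaultdict(set)
    for record in signins:
        if record.get("status", {}).get("errorCode") != 0:
            continue  # failed sign-ins say nothing about coverage
        app = record.get("appDisplayName") or "(unknown app)"
        user = (record.get("userPrincipalName") or "").lower()
        seen[app].add(user)
        if record.get("conditionalAccessStatus") == "success":
            covered[app].add(user)
    return {
        app: {"covered": sorted(covered[app]), "uncovered": sorted(users - covered[app])}
        for app, users in seen.items()
    }


if __name__ == "__main__":
    for app, result in sorted(coverage_by_app(SAMPLE_SIGNINS).items()):
        print(f"{app}: {len(result['covered'])} covered, "
              f"{len(result['uncovered'])} without coverage {result['uncovered']}")
```

Apps other than the broker that list users without coverage are the ones worth checking against policy exclusions.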

Thank you for the reply. The conditional access policies we use are generic in that they came from Microsoft and we have not tweaked them.
Is it possible to set it so the Microsoft Authentication Broker shows the success under Users with coverage vs the Users without coverage?

Not that I'm aware of.

@Gregory_Wilson3468 - Can you share MS documentation links explaining this about Authentication Broker? Thanks!