Exchange Online Powershell auto login and unable to login to other tenant-domain
So I have admin accounts for two companies. A main account which my machine is all setup with and our new parent company account. After turning on MFA for both, my Outlook stopped liking the second account(still haven't figured that out, but that's another story). So in the process of troubleshooting that, I was getting powershell working with MFA. Long story short, I got powershell working no problem, however it autologins when I Connect-Exopssession -UserPrincipalName <my UPN here> for my main account which I don't really think is a good thing from a security standpoint, and 2, when I put the UPN from the other tenant/domain in there, it fails with "Bad request for more information" after doing the MFA login. I had installed Microsoft Online Services Sign-In Assistant which I thought could be the culprit, but getting rid of it and restarted did not help. Any Ideas on how to stop this behavior and make me log in MFA every time instead of passthough and also why it might have broken logging into the other. Once I'm done with that rabbit hole I'm going to try and figure out why Outlook doesn't like the other account(doesn't even come up with the MFA stuff for it), but first things first.How Do I Target the Azure VPN Client in a Conditional Access Policy?
I am using the Azure VPN Client to connect users to an Azure VPN Gateway using their Entra ID credentials to authenticate. I want to target this application with a CA policy that requires MFA every time it connects. The problem is that I don't see the applications in my Enterprise Apps and all of my searching says that it won't appear because it was "pre-certified" by Microsoft. In the Gateway setup I used the Audience GUID of c632b3df-fb67-4d84-bdcf-b95ad541b5c8. And this is working as expected. The only solution that I have found for targeting the Azure VPN Client app is to create a Service Principal using that Audience GUID. This seems like a bit of a hack, so I am posting here to see if there are any other methods that I am missing to target this app when it doesn't appear in my Enterprise Apps list.
