Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Activity details: Sign ins tab contains very old and already deleted conditional access policies??

Steel Contributor

We're a but surprised (and worried) to see very old conditional access policies, which were deleted months ago, resurface on the Sign ins tab in the sign in logs of AAD.

 

By accident we stumbled upon a few user sign in logs with references too non-exiting conditional access policies. On the pane below, we see 30 policies listed for these sign ins while we currently have less than 10 conditional access policies. Most sign in are ok and just list the existing policies. 

 

bartvermeersch_0-1636220372893.png

 

Anyone else seen this weird and worrisome behavior?

2 Replies
Can't say I've ever seen deleted policies resurface, but there were some changes recently that caused older "classic" policies to be exposed in the UI. In any case, best check with support.
According to Support it is related to the new resilience defaults (which are in preview and already enabled by default). A bit odd that a backup IAM seem to have very old CA policies.

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/resilience-defaults