cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Conditional Access Policies Assignments Logic

shockotechcom
Brass Contributor

‎Jun 16 2020 03:43 AM - last edited on ‎Jan 14 2022 04:30 PM by

‎Jun 16 2020 03:43 AM - last edited on ‎Jan 14 2022 04:30 PM by

Conditional Access Policies Assignments Logic

Starting to work with conditional access policies. I note that you can create a policy that:

 

  • Only contains a user assignment
  • Only contains an application assignment

If I do this though and run the WhatIf tool it never applies to any users/app unless BOTH are configured i.e. I configure the policy to included at least 1 app and 1 user rather that just one or the other. I see from here it states you must configure both of them

 

So, is there any condition whereby a policy configured with either a user assignment or app assignment would be applicable? Am I missing something? Why can you configure a policy as such if it never applies :|

883 Views
0 Likes
1 Reply
Reply
1 Reply
JanBakkerOrphaned

‎Jun 16 2020 05:55 AM

‎Jun 16 2020 05:55 AM

Re: Conditional Access Policies Assignments Logic

@shockotechcom You should at least provide a user, an application(or user action) AND a Access control to make a policy work. 

 

If you, for example, would only say: if user X do control MFA, the policy would not work. You have to enter either all cloud apps or separate apps to make it work.

 

I agree, it should not let you save a policy that is not " complete" 

I suggest you create a uservoice to address this: https://microsoftintune.uservoice.com/forums/291681-ideas/filters/hot?category_id=155130-conditional...

0 Likes
Reply