Jonas Hilpert
sololugan0.bsky.social
Microsoft 365 Security & Compliance enthusiast working at Swisscom Schweiz AG.
Update on that one: I tested it with other app exclusions.

It seems that I can exclude any random app (tested with a custom app or even 'Report Message').

As soon as one app is excluded from the CA Policy, when getting a token for my test app, the behaviour is again the same.
December 18, 2024 at 8:06 PM
Okay, but it's not even included in a CA requiring compliant devices (or any other control) for 'all resources' (only 'Mobile Apps and Desktop Client', not for Browser).

And why is there a difference in CA Policy evaluation between the different platforms when requesting the same scopes?
December 18, 2024 at 11:08 AM
When we do the same for a SPA or Web platform, the App is included and controls are applied as expected:
December 18, 2024 at 10:29 AM
Was it really just a renaming from 'All cloud apps' to 'All resources', or are there more changes which are not mentioned?

When requesting a token for the platform 'Mobile and desktop applications' #ConditionalAccess policies are 'not applied' anymore because the app is 'excluded':
December 18, 2024 at 10:29 AM