Add Conditional Access support to Microsoft App Access Panel / MyApps
To allow us to create a blanket policy and then exclude the MyApps site from the Conditional Access Policy.
We can then allow customers to log in and use the MyApps site as a launch pad to all their services whilst being very specific about what apps require additional compliance.
Bump.... pretty please? Asking nicely.....
Similar requests have been made, also @ https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/19738183-support-conditional-access-for-myapps-microsoft-co
Unfortunately MS doesn't feel the urgency to add this yet.
Arjun M commented
Microsoft should allow Conditional Access Support to Microsoft App Access Panel.
Effectively, if you want to restrict apps in an 'Allow Only' policy, you have to sacrifice security to achieve it! This is unacceptable in 2020.
Goodbye SSPR, MFA, My Profile pages of AzureAD/Office365...
Mark Simone commented
Any updates from Microsoft on this?
I am certain this is a bigger request than the count of votes on this uservoice item.
Mark DePalma commented
THE WORST part about this is if a user does an IdP-initiated SAML login using the direct 'User Access URL' the user still hits the app access panel during Conditional Access. This is a HUGE issue for us because our catch-all is requiring users to do MFA twice for some applications. In my opinion the 'User Access URL' SHOULD NOT be considered a hit on the app access panel because you are going directly to the app and you are not going into the panel at all.
Microsoft, when is the app access panel getting added as a CA app?
Indeed, the aka.ms/mfasetup (old experience) page is no longer blockable with the user action system...
Kyle Dalfrey commented
Would like to have this added to our Default CA policies so that we can have the Included Apps be "All Applications" and the excluded app be the App Access Panel and any other app that we want to exclude from our default CA policy. This way, we do not have to periodically verify we have all our apps accounted for in a CA policy (as we must have by internal policy).
I also request to subject Microsoft App Access Panel (or MyApps) to CA, in order to control the locations/devices from where Azure MFA can be registered.