Conditional Access Link under Security section of Enterprise Application

Subramanyam k 251 Reputation points
2020-10-14T07:31:05.663+00:00

Hi,

This is regarding the display of the Conditional Access link under the Security section of an Enterprise Application.

When we create the application manually, we are able to see the Conditional Access link under the Security section.
But when the same type of application is created using automation, this link is not displayed.

Are there any differences between applications created manually and those created through the automation process?

Thanks
Subbu


2 answers

  1. AmanpreetSingh-MSFT 56,311 Reputation points
    2020-10-14T08:34:09.373+00:00

    Hello @Subramanyam k · Not sure how you are creating the application using Automation, but if you use the method below, you will get the Conditional Access option available under the Security section.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


  2. AmanpreetSingh-MSFT 56,311 Reputation points
    2020-10-15T06:25:13.977+00:00

    Hello @Subramanyam k · The object that you see after navigating to the Enterprise Application page by clicking the link in "Managed application in local directory" is the service principal corresponding to the application. When it is created via PowerShell, a tag named "WindowsAzureActiveDirectoryIntegratedApp" is not added to it, which is required for the Conditional Access option. When it is created via the Portal, this tag gets added automatically.

    You need to navigate to the Enterprise Application page, copy the App ID, Object ID and Display Name of the service principal, and run the command below to add the "WindowsAzureActiveDirectoryIntegratedApp" tag.

    Set-AzureADServicePrincipal -AccountEnabled $true -AppId your_app_id -ObjectId your_object_id -AppRoleAssignmentRequired $true -DisplayName your_display_name -Tags {WindowsAzureActiveDirectoryIntegratedApp}

    Once you add this tag you will be able to see the Conditional Access option.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
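
An added example (not part of either answer, and not Microsoft's own code): automation that creates service principals can check for the tag named in the second answer and add it while leaving AccountEnabled, AppRoleAssignmentRequired and any existing tags as they are. It assumes the AzureAD module with an active Connect-AzureAD session; the function names Get-ServicePrincipalWithoutTag and Add-ConditionalAccessTag are hypothetical.

```powershell
#Requires -Modules AzureAD
# Added example. Run Connect-AzureAD before calling these functions.

function Get-ServicePrincipalWithoutTag {
    # Read-only: lists service principals matching a name search that lack the tag.
    param(
        [Parameter(Mandatory)][string]$SearchString,
        [string]$Tag = 'WindowsAzureActiveDirectoryIntegratedApp'
    )
    Get-AzureADServicePrincipal -SearchString $SearchString -All $true |
        Where-Object { $_.Tags -notcontains $Tag } |
        Select-Object DisplayName, AppId, ObjectId
}

function Add-ConditionalAccessTag {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Object ID of the service principal (Enterprise Application),
        # not the Object ID of the app registration.
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string]$ObjectId,
        [string]$Tag = 'WindowsAzureActiveDirectoryIntegratedApp'
    )
    process {
        $sp = Get-AzureADServicePrincipal -ObjectId $ObjectId

        # Idempotent: do nothing when the tag is already present.
        if ($sp.Tags -contains $Tag) {
            Write-Verbose "$($sp.DisplayName): tag already present"
            return
        }

        # -Tags sets the complete tag list, so carry existing tags forward.
        $tags = [System.Collections.Generic.List[string]]::new()
        foreach ($t in $sp.Tags) { $tags.Add($t) }
        $tags.Add($Tag)

        if ($PSCmdlet.ShouldProcess($sp.DisplayName, "Add tag $Tag")) {
            Set-AzureADServicePrincipal -ObjectId $sp.ObjectId -Tags $tags
        }
    }
}

# Usage ('Contoso' is a constructed sample search string):
#   Get-ServicePrincipalWithoutTag -SearchString 'Contoso'
#   Get-ServicePrincipalWithoutTag -SearchString 'Contoso' | Add-ConditionalAccessTag -WhatIf
```

Running with -WhatIf first shows which service principals would be changed before any write is made.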