This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 4%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENH%3C/text%3E%3C/svg%3E)
I can't find the "Azure Windows VM Sign-In" cloud app in Azure Gov to exclude in a Conditional Access Policy for MFA.
For reference, that cloud app is in the Microsoft documentation: https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows#using-conditional-access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 88%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
I can confirm that the commands in the link below worked for me. You just have to make sure you include -Environment USGov when connecting.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 78%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJL%3C/text%3E%3C/svg%3E)
Same issue here. Trying to log in to a newly created VM and can't. Instead of "Azure Windows VM Sign-In" I did find the VM by name and added it to exclusions but it still isn't working.
Did you ever find a solution to this? I'm running into the same thing.
Nope. I reached out to a bunch of engineers directly and never got an answer. I'm implementing some workarounds in the meantime.
Dang, I was about to put in a support request to see if they can help. Hopefully they add the application soon. Do you mind sharing your workarounds?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 0%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDO%3C/text%3E%3C/svg%3E)
BUMP! Running into this exact same situation and can't locate "Azure Windows VM Sign-In" in the cloud apps. Trying to exclude it from my MFA Conditional Access rule in order to allow sign-in without activating Windows Hello for Business.
@Nicholas Hughes what workarounds did you implement?
@Daniel Otero not sure if you saw but it looks like Microsoft has a solution for this now. I have not tested yet, but it's at the bottom of this article https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows#missing-application
Thanks! I was able to locate the "Azure Windows VM Sign-In" cloud app in Conditional Access.
Yeah, I missed it on my first 3 read throughs (probably because the beginning of the section only mentions VERIFYING that the enterprise app is there) but the instructions are there for adding the app to the enterprise apps list. I haven't tried them out yet but I'm encouraged by the comments I'm seeing here.
If this command results in no output and returns you to the PowerShell prompt, you can create the service principal with the following Graph PowerShell command:
New-MgServicePrincipal -AppId 372140e0-b3b7-4226-8ef9-d57986796201
Successful output will show that the Azure Windows VM Sign-In app and its ID were created.