This might be a dumb question but why do conditional access policies not apply to entities access AzureAD via an app registration? We are building some automation script to run in our DataCentre as per
[this] guide. Security teams have been asking how to lock downs its access so that AzureAD only accepts connection to it form our DataCentre. If this was an AzureAD user we could do this via conditional access but it's not.