Conditional Access with Azure Registered App

Jamie Brandwood 6 Reputation points
2020-04-05T23:44:36.753+00:00

Is there a way to restrict access to an Azure AD registered application based on IP address or location when the said application is using a client secret (because of its use as a Windows Service, for example), so there is no underlying user to pass credentials?

This would mean there is no username passed to Azure AD in order to evaluate against a conditional access policy?

Has anyone else seen this scenario or have a solution for it? Is there even a solution?


1 answer

  1. AmanpreetSingh-MSFT 56,301 Reputation points
    2020-04-06T06:53:07.1+00:00

    @Jamie Brandwood Conditional access policy cannot be applied if you are requesting token under application context i.e., using client credentials.

    There is an active feedback regarding this feature here: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/37867180-restricting-access-of-azure-service-principals-u. Please vote here as this is monitored by MS product team and based on the popularity of the idea features are added to Azure.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept as answer" wherever the information provided helps you to help others in the community.

    2 people found this answer helpful.
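The point of the answer above is that a client-credentials request carries no user at all, so there is nothing for a user-scoped Conditional Access policy to evaluate. The following is an added example, not code from the thread or from Microsoft: it builds the token request a Windows service would send (note the absence of any username field) and shows how to tell, from the claims of an issued access token, whether it was obtained under application context or delegated (user) context. The tenant ID, client ID, secret and token payloads are constructed placeholders; the classification relies on the documented difference that app-only tokens carry app permissions in `roles` with no `scp` or user claims, and treats the optional `idtyp` claim (which must be configured on the app) as authoritative when present.

```python
"""Added example (not from the original thread or from Microsoft).

Shows (1) what a client-credentials token request contains and (2) how to
classify a decoded Entra ID access token as app-only vs delegated.
All identifiers and token payloads below are constructed for illustration.
"""
import base64
import json
from urllib.parse import urlencode


def client_credentials_request(tenant_id, client_id, client_secret, scope):
    """Return (url, form_body) for the OAuth2 client-credentials grant.

    There is deliberately no username or password field: the caller
    authenticates as the application itself, which is why no user-based
    Conditional Access evaluation can happen for this request.
    """
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    })
    return url, body


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_jwt(claims: dict) -> str:
    """Build a constructed, unsigned JWT (alg 'none') purely for offline demos.
    Real Entra tokens are RS256-signed; this is only to exercise the decoder."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}."


def decode_jwt_payload(token: str) -> dict:
    """Decode the payload segment of a JWT WITHOUT verifying the signature.
    Fine for inspection; never make authorization decisions on unverified claims."""
    payload_b64 = token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)
    return json.loads(base64.urlsafe_b64decode(payload_b64))


def token_context(claims: dict) -> str:
    """Return 'application' for an app-only (client credentials) token,
    'delegated' for a token issued on behalf of a signed-in user.

    - Optional claim `idtyp` ('app' / 'user'), if the app requests it, is decisive.
    - Otherwise: delegated tokens carry `scp` and a user identity
      (`upn` / `preferred_username`); app-only tokens carry `roles` and none of those.
    """
    idtyp = claims.get("idtyp")
    if idtyp == "app":
        return "application"
    if idtyp == "user":
        return "delegated"
    if "scp" in claims or any(k in claims for k in ("upn", "preferred_username")):
        return "delegated"
    return "application"


# Constructed sample payloads (not real tokens). Only claims relevant to the
# classification are included.
APP_ONLY_CLAIMS = {
    "aud": "https://graph.microsoft.com",
    "appid": "00000000-0000-0000-0000-000000000001",   # hypothetical client id
    "roles": ["User.Read.All"],                          # application permission
    "sub": "11111111-1111-1111-1111-111111111111",       # service principal object id
}

DELEGATED_CLAIMS = {
    "aud": "https://graph.microsoft.com",
    "appid": "00000000-0000-0000-0000-000000000001",
    "scp": "User.Read",                                  # delegated permission
    "upn": "alice@contoso.example",                      # hypothetical user
    "sub": "22222222-2222-2222-2222-222222222222",
}


if __name__ == "__main__":
    url, body = client_credentials_request(
        "contoso.example", "00000000-0000-0000-0000-000000000001",
        "hypothetical-secret", "https://graph.microsoft.com/.default")
    print(url)
    print(body)
    for name, claims in (("app-only", APP_ONLY_CLAIMS), ("delegated", DELEGATED_CLAIMS)):
        decoded = decode_jwt_payload(make_unsigned_jwt(claims))
        print(name, "->", token_context(decoded))
```

When auditing sign-in logs or intercepted tokens, the same `roles`-without-`scp` signal is the quickest way to confirm a request ran under application context, which is exactly the case the answer says Conditional Access did not cover.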