question

0 Votes
RomanMazzella-5689 asked AnshulKumarMINDTREELIMITED-5501 commented

Legacy Auth with Service Principal

I am setting up the conditional access rule to block legacy OAuth and noticed my cloud backup provider is using it as a service principal. How do I exclude this from being blocked, or is it automatically excluded?

azure-ad-conditional-access

Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.

0 Votes 0 ·

1 Answer

0 Votes
JamesTran-MSFT answered JamesTran-MSFT commented

@RomanMazzella-5689
Thank you for your post!

Based off our "What is Conditional Access" documentation, your service principal should be excluded from your conditional access policy, because CA policies are if-then statements, if a user wants to access a resource. Additionally, within the Portal it only allows you to exclude Users, Groups, or specific Directory roles from your policy, and not service principals.



Additional Links:
Service principal object
Client apps
Block legacy authentication


I hope this helps! If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
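
A pre-enforcement check for the situation in this thread, as an added example that is not part of the original answer or Microsoft's own code: it sorts sign-in records by whether a user-scoped policy blocking legacy authentication would affect them. The field names (assumed to follow the Microsoft Graph sign-in export), the treatment of every non-modern client app as legacy, and all sample records are assumptions constructed for illustration.

```python
# Added example: triage sign-in records before enforcing a Conditional Access
# policy that blocks legacy authentication. Field names are assumed to follow
# the Microsoft Graph signIn export; every record below is constructed.

# Client apps that use modern authentication; any other non-empty value is
# treated here as a legacy client (assumption of this example).
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}

SAMPLE_SIGN_INS = [  # constructed sample data, not from a real tenant
    {"userPrincipalName": "alice@contoso.example", "clientAppUsed": "IMAP4"},
    {"userPrincipalName": "alice@contoso.example", "clientAppUsed": "Browser"},
    {"userPrincipalName": "bob@contoso.example",
     "clientAppUsed": "Mobile Apps and Desktop clients"},
    # A backup product that signs in with a user account (service account).
    {"userPrincipalName": "svc-backup@contoso.example",
     "clientAppUsed": "Exchange Web Services"},
    # A backup product that signs in as a service principal: no user on the record.
    {"servicePrincipalName": "Backup Connector", "clientAppUsed": ""},
]


def triage(sign_ins, excluded_users=()):
    """Sort sign-ins by how a user-scoped legacy-auth block would treat them."""
    excluded = {u.lower() for u in excluded_users}
    out = {"would_block": set(), "excluded": set(),
           "service_principal": set(), "unaffected": set()}
    for rec in sign_ins:
        upn = (rec.get("userPrincipalName") or "").lower()
        client = rec.get("clientAppUsed") or ""
        if not upn:
            # No user in the if-then statement, so (per the answer above)
            # the user-scoped policy does not evaluate this sign-in.
            out["service_principal"].add(rec.get("servicePrincipalName", "unknown"))
        elif not client or client in MODERN_CLIENTS:
            out["unaffected"].add(upn)
        elif upn in excluded:
            out["excluded"].add((upn, client))
        else:
            out["would_block"].add((upn, client))
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_SIGN_INS).items():
        print(bucket, items)
```

A backup product that authenticates with a user account lands in `would_block` until that account is passed in `excluded_users`, which mirrors excluding the user from the policy in the Portal.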



@RomanMazzella-5689
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

1 Vote 1 ·

Thanks James, I am good for the moment. I am going to enable the policy and cross my fingers.

Roman

0 Votes 0 ·
JamesTran-MSFT RomanMazzella-5689 ·

@RomanMazzella-5689
Thank you for the quick follow up!

If you have any issues with your service principal, feel free to let me know and we can definitely take a closer look into your environment to resolve the issue.


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.



0 Votes 0 ·