Azure AD Conditional Access What If tool says Not enough information, what does that mean?

Michiel van Heerde 21

Hi,

I am configuring some new conditional access rules in Azure and am using the whatif tool to check their workings before putting them into production. With one rule the whatif tells me the reason for not being applied is: Not enough information

Besides not being able to see what is wrong with the rule I cannot find any information as to why there is not enough information, as far as I can see there is very little to no documentation on that specific reason. Funny thing is that when I test the rule on one account the logs tell me that the rule is being applied so that seems to contradict the whatif tool.

Has anybody seen this behavior or has anybody seen any documentation on this reason?

Kind regards,
Michiel

Willem Degenaar 1 Reputation point

2022-04-21T02:26:55.003+00:00

I logged a MS Support ticket on the issue. It is a confirmed bug, but no estimate when it would be resolved. They did point out to me the CA policy work. They did send me the link to this article for some reason .. :/
Marilee Turscak-MSFT 34,046 Reputation points Microsoft Employee

2022-04-21T02:30:14.807+00:00

Thanks for following up @Willem Degenaar . I just checked the bug and saw that this is still ongoing for many customers, but resolved for some customers. I have added your comments to the bug.

Accepted answer

Marilee Turscak-MSFT 34,046 Reputation points Microsoft Employee

2022-04-08T16:55:52.367+00:00

Hi everyone,

I got an update from the product team that a fix has been pushed, but it may take up to two weeks for the changes to be applied in production.

This is an issue only when the What-If tool is run on a Conditional Access policy (CAP) where there is a group assigned. Therefore, the workaround for now in this limited testing capacity is to assign users directly to the CAP instead of specifying a group.

A recommended approach to test Conditional Access Policies and understand how a policy acts is to use the Conditional Access Report-Only mode functionality. The results are logged to the Conditional Access and Report-only tabs in the Sign-in log details. The Conditional Access Insights workbook in Activity Monitor can be used to visualize queries and the impact of multiple report-only policies for a given time-range, set of apps and users. This is a good option if you are currently testing policy assignments.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

10 additional answers

KenM-1800 6 Reputation points

2022-04-07T15:45:48.147+00:00

Hi - having the same issue. Any update on further fixes?
Please sign in to rate this answer.

0 comments No comments
Sign in to comment
Ivan Rizzuto 1 Reputation point

2022-04-08T07:03:03.897+00:00

@Marilee Turscak-MSFT
Got the same issue in three of our tenants.... pretty annoying to be honest.. I mean already one week and not even an official statement somewhere from MS Side?
Please tell us how to go on.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment
Mark Sleeper 1 Reputation point

2022-04-08T12:12:42.713+00:00

@Marilee Turscak-MSFT

Same problem here. Please let me know if there's an update?
Please sign in to rate this answer.

0 comments No comments
Sign in to comment
Trevor Hannah 1 Reputation point

2022-04-11T08:03:50.213+00:00

Got the same issue, been driving me nuts for days.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment