I have one basic question around Conditional Access Policies.
As we know , Azure AD CA-Policies help us undergo the additional factors while any client-app is requesting token for any CLOUD RESOURCE
I have a client-app which is just preparing OAuth request with SCOPE=OpenID and redirecting user to AAD to collect the token.
If AAD-admin wants to make sure that such request must undergo MFA or TOU or any other CA-policy grant, which minimal set of CLOUD RESOURCE should be added in that CA-policy ??