This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 65%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I'm experiencing an issue with the Windows App on macOS after a recent update. A macOS user is unable to access the AVD (Azure Virtual Desktop). I need to whitelist this application, but I can't find it in the Enterprise Applications. I have a Conditional Access policy in place that only allows certain apps to operate outside my location. Could you assist with this?
Hi, could you share the error message for further troubleshooting?
hi @Karlie Weng
Thank you for your response. I need to whitelist this application from the Conditional Access Policy. We have some clients operating outside the country, so we have a policy implemented for the few apps they can access from outside. We previously whitelisted an older version of the Remote Desktop app.
The Windows app on macOS is failing because the policy detects that the application is not whitelisted. I now need to register this application in the Enterprise Applications to whitelist it, but I am unable to find the app.
thankyou
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 14.000000000000002%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
To answer my own question ... I engaged with Microsoft support. If you take a closer look at what the user was blocked in the Sign-In logs you will notice that the "Resource" blocked was "Windows Cloud Login".
Add "Windows Cloud Login" to the list of exceptions in the conditional access policy then it will work.
From the sign-in logs under "Basic Info":
However is you switch to Conditional Access and click on the policy that is failed you will see this:
Clearly this one's wrong.
Adding the correct resource in the CAP got it to work for me.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 12%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
I have got a similar issue. The Windows App for Mac does not seem to be recognised. Are you planning to add it?
These are currently the ones i am whitelisting so there is one missing for app id 63896e48-3d27-4ce2-9968-610b4af62c5d
Hi Michalis, I'm planning to add that app. It’s currently missing from the whitelist.
Entra ID team suggests to search this app from CA policy: Windows Cloud Login 270efc09-cd0d-444b-a71f-39af4910ec45
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 27%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Hello @angela,
Thank you for posting your query on Microsoft Q&A.
Have you raised a support ticket for this issue? If so, could you please share the ticket number with me?
I would be happy to discuss this scenario further with you offline. Please email me at 'AzCommunity@microsoft.com' with the subject line "Attn: Pothurajur" and include a link to this thread in the email body.
Thank you, and I look forward to our conversation.
Thanks,
Raja Pothuraju.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 61%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERC%3C/text%3E%3C/svg%3E)
it seems that the new Windows APP RDP client wants to enumerate both the resources on Azure VDI and WIndows 365; in this case, access to "Windows 365" resource is being blocked (even it you don't have Windows 365 in place).
Solution I found (and works) is to add "Windows 365" to the exception list ... signin logs do not reflect this correct (they will show that the "Windows 365 IW Service" is being blocked, but it works after adding this resource ...
("Windows Cloud Login" is also on the exception list, but it is not sufficient alone)
I have the exact same problem. Any way to add the remote desktop software on macOS to the list of exceptions?
Adding the mentioned 3 whitelisted apps is not working and my users on macOS are being blocked from logging in due to this.