How to Exclude Dynaway CMMS from Conditional Access Policies?

Joseph Grady 0 Reputation points
2024-10-17T16:52:51.6066667+00:00

Our organization currently has conditional access policies set up that require users to authenticate using MFA when signing in.

We were attempting to exclude a specific app called Dynaway (a CMMS app that works with Dynamics 365) from conditional access so that users signing in aren't prompted to authenticate. But even after adding Dynaway to the list of excluded apps from Conditional Access in Azure, users signing in are still being prompted to authenticate.

After reaching out to Microsoft Support, we worked with a technician on troubleshooting this issue. And eventually they confirmed that this app can't be excluded because either this app or it's dependencies are first-party from Conditional Access.

We are wondering if there may be another way for us to prevent this application from prompting users to authenticate when signing in.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,273 questions
Dynamics 365 Training
Dynamics 365 Training
Dynamics 365: A Microsoft cloud-based business platform that provides customer relationship management and enterprise resource planning solutions.Training: Instruction to develop new skills.
155 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Raja Pothuraju 8,265 Reputation points Microsoft Vendor
    2024-10-28T19:23:39.49+00:00

    Hello @Joseph Grady,

    Thank you for posting your query on Microsoft Q&A.

    Based on your description, it appears that you're attempting to exclude Dynaway CMMS from Conditional Access Policies. However, due to its service dependency on first-party applications, the application is still being affected by the Conditional Access policy.

    To determine if there is an alternative way to exclude your application from the policy, we need to examine the application's configuration in your tenant. Reviewing the sign-in log details will help us identify whether the policy is being applied due to service dependencies.

    Or else you can try doing it through assigning custom security attribute to your application and excluded the custom security attribute values from the CA policy just to understand if that helps in this situation.

    Add or deactivate custom security attribute definitions in Microsoft Entra ID

    Assign custom security attributes to an application

    Filter custom security attributes via conditional access policy

    I would be happy to discuss this scenario further with you offline. Please email me at '[AzCommunity@microsoft.com]' with the subject line "Attn: Pothuraju" and include a link to this thread in the email body.

    Thank you, and I look forward to our conversation.

    Thanks,
    Raja Pothuraju.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.