Hi there!
First of all, thank you for putting together this Conditional Access baseline! It's a fantastic resource and has been very helpful.
This is actually the first issue I've ever submitted on GitHub, so please bear with me if I get anything wrong!
I noticed that the CA200 policy (CA200-Internals-IdentityProtection-AnyApp-AnyPlatform-MFA) has two applications listed under excludeApplications:
372140e0-b3b7-4226-8ef9-d57986796201 - Azure Windows VM Sign-In7ee0ff59-27fd-4fc2-b341-202786641daa - [Storage Account] sam365pyldn01.file.core.windows.net
The README describes this policy as:
"This policy requires MFA for all internal identities, for all cloud applications, from any platform."
Since this repo is intended as a reusable baseline, I was curious, were these exclusions left in intentionally for a specific reason, or might they have slipped in during the export from your tenant?
Sincerely
Matt
Hi there!
First of all, thank you for putting together this Conditional Access baseline! It's a fantastic resource and has been very helpful.
This is actually the first issue I've ever submitted on GitHub, so please bear with me if I get anything wrong!
I noticed that the CA200 policy (CA200-Internals-IdentityProtection-AnyApp-AnyPlatform-MFA) has two applications listed under excludeApplications:
372140e0-b3b7-4226-8ef9-d57986796201- Azure Windows VM Sign-In7ee0ff59-27fd-4fc2-b341-202786641daa- [Storage Account] sam365pyldn01.file.core.windows.netThe README describes this policy as:
Since this repo is intended as a reusable baseline, I was curious, were these exclusions left in intentionally for a specific reason, or might they have slipped in during the export from your tenant?
Sincerely
Matt