microsoft-authentication-library-for-android
AzureAD Conditional access rules ignore exclude extension attribute filter
When filtering for devices the ExtensionAttribute rule is ignored, both policies seem to always apply regardless of the extensionAttribute that's set.
You can reproduce this behavior in the whatif tool.
Policy #1: "deviceFilter": { "mode": "exclude", "rule": "device.extensionAttribute3 -ne \"MFA Allowed\"" },
Policy #2: "deviceFilter": { "mode": "exclude", "rule": "device.extensionAttribute3 -eq \"MFA Allowed\"" },
Reproduce:
1. Create the two policies.
2. Go to whatif tool.
3. Set device extension attribute3 to MFA Allowed. Only Policy 1 should apply.
4. Clear device extension attribute 3. Only policy 2 should apply.
Actual behavior: Both policies always apply.
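The outcome the report expects can be checked with a small model of the two device filters. This is an added example, not code from the issue or from Azure AD; the function names are hypothetical, and it assumes a cleared attribute compares as "not equal" to any string and that the match is an exact string comparison.

```python
import re

# deviceFilter blocks exactly as given in the report.
POLICIES = {
    "Policy 1": {"mode": "exclude",
                 "rule": 'device.extensionAttribute3 -ne "MFA Allowed"'},
    "Policy 2": {"mode": "exclude",
                 "rule": 'device.extensionAttribute3 -eq "MFA Allowed"'},
}

# Only the single-clause form used in the report: device.<attr> -eq|-ne "<value>"
RULE_RE = re.compile(r'^device\.(\w+)\s+-(eq|ne)\s+"([^"]*)"$')


def rule_matches(rule, device):
    """Return True when the device satisfies the filter rule."""
    m = RULE_RE.match(rule.strip())
    if m is None:
        raise ValueError(f"unsupported rule: {rule!r}")
    attr, op, expected = m.groups()
    actual = device.get(attr)  # None models a cleared attribute (assumption)
    equal = actual is not None and actual == expected
    return equal if op == "eq" else not equal


def filter_allows(device_filter, device):
    """include: policy applies on a match; exclude: policy is skipped on a match."""
    matched = rule_matches(device_filter["rule"], device)
    mode = device_filter["mode"]
    if mode == "include":
        return matched
    if mode == "exclude":
        return not matched
    raise ValueError(f"unknown mode: {mode!r}")


def applicable_policies(device):
    """Names of the policies whose device filter does not rule the device out."""
    return [name for name, f in POLICIES.items() if filter_allows(f, device)]


if __name__ == "__main__":
    # Constructed device states matching the reproduction steps.
    for label, device in [("attribute set", {"extensionAttribute3": "MFA Allowed"}),
                          ("attribute cleared", {})]:
        print(label, "->", applicable_policies(device))
```

Under these assumptions the two filters are complementary, so exactly one policy applies to any device state; a What If result listing both is the discrepancy being reported.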