
MT.1005 All CA policies exclude break glass but Workload Identities

Open alexmags opened this issue 1 year ago • 1 comments

Some CA policies apply to Workload Identities instead of users. In this mode you can't add break glass. This test should ignore CA policies that apply to Workload Identities.

Background: App access to EntraID and Office365 uses App registrations often with long-lived secrets (passwords) instead of safe MFA.

With an additional licence, CA policy can apply to workload identities to apply IP filtering/network Location control. This reduces risk of compromised creds for app registration being abused from elsewhere on the internet.

alexmags avatar Oct 08 '24 10:10 alexmags
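
The check requested in the opening post, as an added PowerShell example that is not Maester's own code and not part of the original thread: skip Conditional Access policies that target workload identities, then report the remaining policies that do not exclude a break glass account. The function names, sample policies and break glass object ID are constructed for illustration; the property names follow the Microsoft Graph conditionalAccessPolicy resource.

```powershell
# Constructed sample data shaped like Graph conditionalAccessPolicy objects.
# Display names and the object ID are placeholders, not values from the issue.
$breakGlassId = '11111111-1111-1111-1111-111111111111'
$policiesJson = @'
[
  { "displayName": "Require MFA for all users",
    "conditions": { "clientApplications": null,
      "users": { "includeUsers": ["All"], "excludeGroups": [],
                 "excludeUsers": ["11111111-1111-1111-1111-111111111111"] } } },
  { "displayName": "Block legacy authentication",
    "conditions": { "clientApplications": null,
      "users": { "includeUsers": ["All"], "excludeGroups": [], "excludeUsers": [] } } },
  { "displayName": "Workload identities: trusted locations only",
    "conditions": {
      "clientApplications": { "includeServicePrincipals": ["ServicePrincipalsInMyTenant"],
                              "excludeServicePrincipals": [] },
      "users": { "includeUsers": ["None"], "excludeGroups": [], "excludeUsers": [] } } }
]
'@
$policies = $policiesJson | ConvertFrom-Json

function Test-TargetsWorkloadIdentity {
    param([Parameter(Mandatory)] $Policy)
    # Workload identity policies list service principals under
    # conditions.clientApplications; user-targeted policies leave it null or empty.
    $sp = $Policy.conditions.clientApplications.includeServicePrincipals
    return (@($sp | Where-Object { $_ }).Count -gt 0)
}

function Get-PolicyMissingBreakGlass {
    param(
        [Parameter(Mandatory)] [object[]] $Policy,
        [Parameter(Mandatory)] [string[]] $BreakGlassId  # user or group object IDs
    )
    foreach ($p in $Policy) {
        # A user or group exclusion cannot be set on a workload identity policy,
        # so it must not count as a failure.
        if (Test-TargetsWorkloadIdentity -Policy $p) { continue }
        $excluded = @($p.conditions.users.excludeUsers) + @($p.conditions.users.excludeGroups)
        if (-not ($BreakGlassId | Where-Object { $excluded -contains $_ })) {
            $p.displayName
        }
    }
}

# Lists the display names of user-targeted policies lacking the exclusion.
Get-PolicyMissingBreakGlass -Policy $policies -BreakGlassId $breakGlassId
```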

Also facing this issue

BenPennellAviva avatar Nov 12 '24 09:11 BenPennellAviva

@alexmags and @BenPennellAviva I tried to reproduce the issue, but I can't do it. Does the issue exist in the newest version? If so, please provide a JSON file for debugging.

l-gosling avatar Aug 31 '25 16:08 l-gosling

@l-gosling doesn't appear to be failing on workload id policies anymore, thanks for following up!

BenPennellAviva avatar Sep 01 '25 08:09 BenPennellAviva

@alexmags Can you close the error? Alternatively, @merill or @SamErde

l-gosling avatar Sep 01 '25 15:09 l-gosling

@l-gosling doesn't appear to be failing on workload id policies anymore, thanks for following up!

Can this be closed now?

SamErde avatar Sep 04 '25 14:09 SamErde

I think so, I tested this and don't get this error. Ben got the error but is not getting it anymore, so I think someone else fixed the issue. @SamErde

l-gosling avatar Sep 04 '25 20:09 l-gosling