From d53145c73176d13d2fe572c4d2b5f9b1a326d5e2 Mon Sep 17 00:00:00 2001 From: Qazi Ehteshamuddin Date: Fri, 10 Oct 2025 18:12:13 +0900 Subject: [PATCH] Update note on Conditional Access applicability Clarify that Conditional Access does not apply to Windows sign-in processes. we already call this out in our sign-in logs docs but not in our core CA docs yet. --- .../concept-conditional-access-cloud-apps.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/identity/conditional-access/concept-conditional-access-cloud-apps.md b/docs/identity/conditional-access/concept-conditional-access-cloud-apps.md index b6f33585017..7a521b38465 100644 --- a/docs/identity/conditional-access/concept-conditional-access-cloud-apps.md +++ b/docs/identity/conditional-access/concept-conditional-access-cloud-apps.md @@ -76,6 +76,9 @@ Because the policy is applied to the Azure management portal and API, any servic > [!NOTE] > The Windows Azure Service Management API application applies to [Azure PowerShell](/powershell/azure/what-is-azure-powershell), which calls the [Azure Resource Manager API](/azure/azure-resource-manager/management/overview). It doesn't apply to [Microsoft Graph PowerShell](/powershell/microsoftgraph/overview), which calls the [Microsoft Graph API](/graph/overview). +> [!NOTE] +> Conditional Access doesn't apply to Windows sign-in, such as Windows Hello for Business. Conditional Access protects sign-in attempts to cloud resources, not the device sign-in process. + > [!TIP] > For Azure Government, you should target the Azure Government Cloud Management API application.