Source: Help Net Security
Author: Sinisa Markovic
URL: https://www.helpnetsecurity.com/2026/01/29/microsoft-entra-conditional-access-policy-enforcement/
Conditional Access enforcement change coming to Microsoft Entra
ONE SENTENCE SUMMARY:
Microsoft will enforce Conditional Access policies for all resources, affecting certain client applications, starting March 2026.
MAIN POINTS:
- Enforcement change begins March 27, 2026, with rollout through June 2026.
- Affects sign-ins via client apps requesting only OIDC or limited directory scopes.
- Enforced during sign-in even with resource exclusions in policies.
- Users may receive Conditional Access challenges like MFA or device compliance.
- Enforcement depends on access controls configured in target policies.
- Applies to tenants with policies targeting all resources and exclusions.
- Tenants lacking this specific policy configuration remain unaffected.
- Swaroop Krishnamurthy provided details on this change.
- Azure AD Graph explicitly mentioned as a target resource.
- Change aims to enhance security measures across Microsoft Entra.
TAKEAWAYS:
- Prepare for enforcement changes starting March 2026.
- Review Conditional Access policies with resource exclusions.
- Anticipate increased security challenges during sign-ins.
- Understand impact on client apps with specific scope requests.
- Monitor updates and adapt policies as needed for compliance.