Hi Jamf Champions,
We have MC1223829 – Upcoming Conditional Access change: Improved enforcement for policies with resource exclusions
This update states that if you have Conditional Access (CA) policies that are applied to all resources with excluded resources, and if those excluded resources have OIDC scopes or a limited set of directory scopes(user.read), then such policies will also be enforced for the excluded resources.
As per Jamf requirements, we have the Jamf Connect app in our Microsoft Entra ID, which is currently excluded in our CA policies using custom security attributes. With this change, the app may no longer be treated as an excluded resource, since it uses the User.Read scope.
What are your thoughts on this?
The change is scheduled to roll out from 27 March, and you might be impacted.