At least one Conditional Access policy is configured with All cloud apps

Description

Ensure that every app has at least one Conditional Access policy applied. From a security perspective it's better to create a policy that encompasses All cloud apps, and then exclude applications that you don't want the policy to apply to.

This practice ensures that you:

  • Don't need to update Conditional Access policies every time you onboard a new application.
  • Protect all Microsoft Graph API calls from apps that are not listed in the Apps blade in the Entra portal.

How to fix

Create a Conditional Access policy that applies to All cloud apps, and then exclude applications that you don't want the policy to apply to.
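
One way to verify this from an export of the tenant's policies, as an added example that is not part of the original page or of any project's own code. It assumes the JSON shape returned by Microsoft Graph for GET /identity/conditionalAccess/policies, uses constructed sample data, and assumes that only policies in the "enabled" state count as coverage. The function name audit_all_cloud_apps is hypothetical.

```python
import json

# Constructed sample shaped like the Microsoft Graph response from
# GET /identity/conditionalAccess/policies (not real tenant data).
SAMPLE_EXPORT = json.loads("""
{"value": [
  {"displayName": "Require MFA for all apps", "state": "enabled",
   "conditions": {"applications": {
     "includeApplications": ["All"],
     "excludeApplications": ["00000000-0000-0000-0000-000000000001"]}}},
  {"displayName": "Block legacy auth (pilot)", "state": "enabledForReportingButNotEnforced",
   "conditions": {"applications": {"includeApplications": ["All"], "excludeApplications": []}}},
  {"displayName": "Compliant device for Office 365", "state": "enabled",
   "conditions": {"applications": {"includeApplications": ["Office365"], "excludeApplications": []}}},
  {"displayName": "Old all-apps policy", "state": "disabled",
   "conditions": {"applications": {"includeApplications": ["All"], "excludeApplications": []}}}
]}
""")


def audit_all_cloud_apps(policies):
    """Classify policies whose includeApplications contains "All".

    Assumption: only state == "enabled" counts as coverage; report-only and
    disabled policies do not enforce anything, so they are listed separately.
    """
    result = {"passed": False, "enforced": [], "not_enforced": []}
    for policy in policies:
        apps = (policy.get("conditions") or {}).get("applications") or {}
        if "All" not in (apps.get("includeApplications") or []):
            continue  # scoped to named apps only; does not cover new apps
        entry = {
            "name": policy.get("displayName"),
            "state": policy.get("state"),
            # Exclusions are the part to review: each one is an app the policy skips.
            "excluded": list(apps.get("excludeApplications") or []),
        }
        bucket = "enforced" if policy.get("state") == "enabled" else "not_enforced"
        result[bucket].append(entry)
    result["passed"] = bool(result["enforced"])
    return result


if __name__ == "__main__":
    print(json.dumps(audit_all_cloud_apps(SAMPLE_EXPORT["value"]), indent=2))
```

The "excluded" list in the output is worth reviewing on every run, since each excluded application is outside the All cloud apps policy.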