| title | Conditional Access policies block access from unmanaged apps |
|---|---|
| author | brenduns |
| ms.topic | include |
| ms.date | 09/22/2025 |
| ms.custom | Intune-Secure-Recommendation |
If Microsoft Entra Conditional Access policies aren't combined with app protection controls, users can connect to corporate resources through unmanaged or unsecured applications. This exposes sensitive data to risks such as data leakage, unauthorized access, and regulatory noncompliance. Without safeguards like app-level data protection, access restrictions, and data loss prevention, threat actors can exploit unprotected apps to bypass security controls and compromise organizational data.
Enforcing Intune app protection policies within Conditional Access ensures only trusted apps can access corporate data. This supports Zero Trust by enforcing access decisions based on app trust, data containment, and usage restrictions.
Remediation action
Configure app-based Conditional Access policies in Microsoft Entra and Intune to require app protection for access to corporate resources:
For more information, see: