Open Celio-Rossy opened 1 year ago
@Celio-Rossy Thanks for your feedback! We will investigate and update as appropriate.
@Celio-Rossy I understand your confusion. The flowchart in the documentation you mentioned is a bit confusing. You are correct that if the "Access control BLOCK conditions satisfied" is true, then the access token would not be issued. The flowchart seems to imply the opposite. When the result is "No," it means that the access token is not issued.
In general, Conditional Access policies are evaluated when a user attempts to access a resource. If the conditions of the policy are met, the user is either granted or denied access to the resource. If the user is granted access, an access token is issued. If the user is denied access, no access token is issued.
I hope this helps clarify your understanding of Conditional Access policies. Let me know if you have any further questions.
@YashikaTyagii Thanks for the follow-up. I think I understood under what conditions the user would be granted access to the resource (i.e. the access token is issued).
However something still does no add up after your explanation. If the "No" was supposed to mean "the access token is not issued", then the result on "CA policies are in scope of request" condition is incorrect. The flowchart says an access token is issued.
If the "No" and "Yes" do represent the result of the condition described in the diamond shape, then the "No" and "Yes" attached to "Access control BLOCK conditions satisfied" are the opposite of what they should be.
@Celio-Rossy Yes, you are correct, and it seems document need to be updated. I am going to assign this issue to content author who will update accordingly. @Gargi-Sinha kindly take a look at this case.
Tagging @MicrosoftGuyJFlo , our Content Dev for Conditional Access to help with this review. Thanks!
Hi @lisaychuang - The flow chart is updated. Could you please close this ticket. Thanks!
Hi @Gargi-Sinha , has the flow chart been pushed to public space? I still see the old chart when browsing the documention.
Removing diagram at issue until @Gargi-Sinha can republish.
Hello
I was going through conditional access documentation (https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access) and the decision flowchart present in the page is not making sense to me. Could be that I understand it wrong, but I would expect that if "Access control BLOCK conditions satisfied" is true, then the access token would not be issued. But the flowchart seems to imply the opposite. When result is "No" says the flowchart then token is not issued.
Anyway, I am not yet familiar enough with CA, so this could be a misunderstanding on my side. Hope someone will have a look into this.
Best, Celio
Document Details
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.