maester365 / maester

The core repository for the Maester module with helper cmdlets that will be called from the Pester tests.
https://maester.dev
MIT License

MT.1005 All CA policies exclude break glass but Workload Identities #491

Open alexmags opened 1 month ago

alexmags commented 1 month ago

Some CA policies apply to Workload Identities instead of users. In this mode you can't add break glass. This test should ignore CA policies that apply to Workload Identities.

Background: App access to Entra ID and Office 365 uses App registrations, often with long-lived secrets (passwords) instead of safe MFA.

With an additional licence, CA policy can apply to workload identities to apply IP filtering/network location control. This reduces the risk of compromised creds for an app registration being abused from elsewhere on the internet.
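The distinction requested above, as an added example that is not part of the issue and not Maester's own code: it separates policies scoped to workload identities from user-scoped ones before looking for a common break-glass exclusion. The helper name `Test-TargetsWorkloadIdentity` and all policy data are made up; the property names follow the Microsoft Graph `conditionalAccessPolicy` resource.

```powershell
# Constructed sample policies shaped like Graph conditionalAccessPolicy objects.
# Display names and IDs are invented for this example.
function New-SamplePolicy($Name, $ExcludeGroups, $IncludeSp) {
    [pscustomobject]@{
        displayName = $Name
        state       = 'enabled'
        conditions  = [pscustomobject]@{
            users = [pscustomobject]@{ excludeUsers = @(); excludeGroups = @($ExcludeGroups) }
            clientApplications = [pscustomobject]@{ includeServicePrincipals = @($IncludeSp) }
        }
    }
}
$policies = @(
    New-SamplePolicy 'CA001 Require MFA for all users'  @('bg-group-id') @()
    New-SamplePolicy 'CA002 Block legacy authentication' @('bg-group-id') @()
    New-SamplePolicy 'CA900 Workload IDs: trusted IPs'  @() @('ServicePrincipalsInMyTenant')
)

# Hypothetical helper: a policy targets workload identities when
# conditions.clientApplications.includeServicePrincipals has at least one entry.
function Test-TargetsWorkloadIdentity {
    param([Parameter(Mandatory)] $Policy)
    $sp = $Policy.conditions.clientApplications.includeServicePrincipals
    return @($sp | Where-Object { $_ }).Count -gt 0
}

$enabled    = @($policies | Where-Object { $_.state -eq 'enabled' })
$skipped    = @($enabled | Where-Object { Test-TargetsWorkloadIdentity $_ })
$userScoped = @($enabled | Where-Object { -not (Test-TargetsWorkloadIdentity $_) })

# Exclusions present in every user-scoped policy are the break-glass candidates.
$common = @(); $first = $true
foreach ($p in $userScoped) {
    $u  = $p.conditions.users
    $ex = @(@($u.excludeUsers) + @($u.excludeGroups) | Where-Object { $_ })
    if ($first) { $common = $ex; $first = $false }
    else        { $common = @($common | Where-Object { $_ -in $ex }) }
}

[pscustomobject]@{
    Evaluated               = $userScoped.displayName
    SkippedWorkloadIdentity = $skipped.displayName
    CommonExclusions        = $common
}
```

With the sample data, CA900 is skipped and `bg-group-id` remains the one exclusion common to the two user-scoped policies; without the skip, CA900's empty exclusion list would empty the intersection.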

BenPennellAviva commented 1 week ago

Also facing this issue