Microsoft has added support for application filters to Azure AD conditional access (CA) policies. This release enables organizations to use an app filter based on custom security attributes to restrict access to specific applications.
Currently, IT admins can apply conditional access policies either to individually selected apps or to all apps. However, this process may prove challenging for companies that have a large number of apps with multiple conditional access policies.
The new Application filters feature enables IT Pros to tag service principals with custom security attributes (such as highly important). These custom attributes are then referenced in a conditional access policy to allow or block the tagged applications.
“With filters for apps, admins can tag applications with custom security attributes and apply Conditional Access policies based on those tags, rather than individually selecting apps. With this approach, there is no limit on the number of apps covered, and new apps you add with the attributes are automatically included in the policies,” the company explained.
Overall, the latest update eliminates the need to edit a conditional access policy to add new or additional apps. It’s a helpful feature for big organizations that need to manage hundreds or thousands of applications.
The new Application filters feature is currently available in public preview for enterprise customers. For now, app filters in conditional access policies can only use custom security attributes of type string. IT admins can combine app filters with any other controls available in a policy. You can check out this support document for more details about how to define an app filter for a conditional access policy.