Did Microsoft Delete Some Managed Conditional Access Policies?

Asked By TechSavant42 On

This morning, I noticed that two Microsoft Managed Conditional Access policies seem to have disappeared: one for requiring phishing-resistant multi-factor authentication for admins and the other blocking legacy authentication. It looks like the 'Microsoft Managed Policy Manager' service principal name (SPN) might be responsible for this deletion. Has anyone else noticed this change? Was there any prior notice about these policies being removed? I tried searching online, but I couldn't find any information.

9 Answers

Answered By MFAWarrior On

Oh, I hope so! I've been wanting to get rid of these Microsoft Managed Policies for ages!

Answered By PolicyMaster42 On

It looks like Microsoft's really cleaning house. We also observed the same service principal activity across multiple tenants this morning. The takeaway here is that you should never rely solely on Microsoft-managed policies. Treat them as templates. For anything critical, recreate those as your own Conditional Access policies so that, when Microsoft decides to change things, you don’t end up with gaps. Don't forget to check your sign-in logs from the past 24 hours to make sure nothing slipped by during the policy absence.
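Added example, not part of PolicyMaster42's answer: one way to run the log check suggested above, in Python, over exported Entra audit and sign-in records. The field names follow the Microsoft Graph directoryAudit and signIn schemas; the sample records, placeholder policy names, timestamps and users are constructed, and the function names are hypothetical.

```python
from datetime import datetime

ACTOR = "Microsoft Managed Policy Manager"  # service principal named in the thread
DELETE_CA = "Delete conditional access policy"  # audit activityDisplayName
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}

def ts(value):
    """Parse a Graph-style UTC timestamp such as 2025-06-01T22:37:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def deleted_ca_policies(audit_events, actor=ACTOR):
    """Return sorted (time, policy name) pairs for CA policies deleted by `actor`."""
    hits = []
    for ev in audit_events:
        app = (ev.get("initiatedBy") or {}).get("app") or {}
        if ev.get("activityDisplayName") != DELETE_CA or app.get("displayName") != actor:
            continue
        for target in ev.get("targetResources") or []:
            hits.append((ts(ev["activityDateTime"]), target.get("displayName") or ""))
    return sorted(hits)

def legacy_signins_since(signins, since):
    """Successful sign-ins at or after `since` from any non-modern clientAppUsed."""
    return [s for s in signins
            if ts(s["createdDateTime"]) >= since
            and s.get("clientAppUsed") not in MODERN_CLIENTS
            and (s.get("status") or {}).get("errorCode") == 0]

# Constructed sample records (not real tenant data); policy names are placeholders.
AUDIT = [
    {"activityDateTime": "2025-06-01T22:37:00Z", "activityDisplayName": DELETE_CA,
     "initiatedBy": {"app": {"displayName": ACTOR}},
     "targetResources": [{"displayName": "PLACEHOLDER block legacy authentication"}]},
    {"activityDateTime": "2025-06-01T09:00:00Z", "activityDisplayName": DELETE_CA,
     "initiatedBy": {"user": {"userPrincipalName": "admin@example.test"}, "app": None},
     "targetResources": [{"displayName": "PLACEHOLDER tenant-owned policy"}]},
]
SIGNINS = [
    {"createdDateTime": "2025-06-01T21:00:00Z", "userPrincipalName": "a@example.test",
     "clientAppUsed": "IMAP4", "status": {"errorCode": 0}},       # before the deletion
    {"createdDateTime": "2025-06-01T23:10:00Z", "userPrincipalName": "b@example.test",
     "clientAppUsed": "IMAP4", "status": {"errorCode": 0}},       # legacy, succeeded
    {"createdDateTime": "2025-06-01T23:15:00Z", "userPrincipalName": "c@example.test",
     "clientAppUsed": "POP3", "status": {"errorCode": 50126}},    # legacy, failed
    {"createdDateTime": "2025-06-01T23:20:00Z", "userPrincipalName": "d@example.test",
     "clientAppUsed": "Browser", "status": {"errorCode": 0}},     # modern client
]

if __name__ == "__main__":
    print(legacy_signins_since(SIGNINS, deleted_ca_policies(AUDIT)[0][0]))
```

Only the deletion made by the service principal sets the review window; the deletion made by a named admin in the sample is ignored, and only the successful legacy sign-in after the window opens is returned.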

Answered By CyberSleuth15 On

I’m wondering if this is related to the rollout of the Security Copilot agent.

Answered By AlertedUser23 On

Same situation here. Darktrace alerted me to the change last night at 5:37 PM CDT. Thankfully, those were default policies and not the ones we actively use.

Answered By CodeNerd277 On

They really messed up with this one. We had some apps relying on Conditional Access with no MFA, and now it's not working. The exclusions that were in place before don't recognize the resource as the app name anymore—only as 'Microsoft Graph'. Seems like they broke Conditional Access. Probably another Easter egg from Microsoft.

DevOpsDynamo -

Microsoft, the gift that keeps on giving!

Answered By SysAdminMalone On

I noticed these policies were also missing in a new tenant I set up just last week.

Answered By ConfusedAdmin On

We also encountered this issue, and like many, received no prior notice. I opened a ticket too, and it's absolutely crazy that they did this without telling us.

Answered By NetSecNinja On

I noticed the same two policies were missing, but fortunately, they weren't assigned to anyone in my case since Microsoft set them up automatically.

CheckmateIT -

Thanks for confirming. I appreciate the reassurance!

Answered By CloudWatcher88 On

I got an alert this morning about the 'Microsoft Managed Policy Manager' removing some services too. My security solution flagged the changes as legit and coming from Microsoft.

ITGuru99 -

Alright cool, thanks for confirming. I opened a ticket with support since I have an agreement with them. I'll let you know if I hear anything useful.

SkyNetAdmin -

We started seeing this in multiple tenants yesterday.
