Starting June 15, 2026, Conditional Access policies targeting All resources with exclusions will be enforced for sign-ins requesting only certain OIDC or directory scopes. Some users may face new challenges like MFA. Most organizations need no action, but custom apps requesting only these scopes should be evaluated.
Applies to: Microsoft Entra
Source: mc.merill.net — data via Merill Fernando's open archive (MIT).