Balancing controls and business requirements in Conditional Access is mentally exhausting.

Please don’t post your copilot chat in Teams.

Hey @merill wondering if you have any insight on this topic. I want to leverage device-bound passkey in MS Authenticator, however there is a known issue when also leveraging Conditional Access to require app protection policy for all apps on mobile os. The provided workarounds aren’t great but there is an undocumented work around of excluding Azure Credential Configuration Endpoint Service app from app protection CAP. This works but not sure if that introduces additional risk. Thoughts?