Entra ID enforces conditional access for applications using baseline scopes (opens in new tab)

Microsoft is updating Entra ID to ensure conditional access policies are enforced for applications requesting only baseline scopes. These baseline scopes include standard OpenID Connect permissions like email and profile, as well as basic directory read permissions. Previously, applications using only these low-risk scopes could bypass policies targeting all resources if specific exclusions were present. <a href="