Azure AD – Update your Conditional Access policies if you are using ‘require approved client app’ before March 2026

If you are using the grant control ‘Require approved client app’ in your Conditional Access policies, you need to update and migrate to use the grant control ‘Require application protection policy’ before March 2026.

At this date, the control ‘Require approved client app’ will no longer be enforced and will act as if it was not selected.


Before switching to the ‘Require application protection policy’ control, you will have to implement an Intune application protection policy for each operating system you want to support (iOS/iPadOS, Android or Windows [Windows Information Protection]).

You will need also to review the supported application for application protection policy here


Once done, tested and validated you can then switch the control in your Conditional Access policy

Leave a Comment

Your email address will not be published. Required fields are marked *

The reCAPTCHA verification period has expired. Please reload the page.