MC540749 – Plan for Change: “Require approved client app” control in Azure AD Conditional Access will be retired in March 2026

Intune Icon

check before: 2026-03-01

Product:

Azure Active Directory, Entra, Entra ID, Intune, Microsoft 365 Apps

Platform:

Online, World tenant

Status:

Change type:

Admin impact, Retirement

Links:

MC1029989

Details:

In March 2026, Azure Active Directory (Azure AD) and Microsoft Intune will retire the Conditional Access "Require approved client app" grant control. Instead we recommend utilizing the "Require application protection policy" grant control, which provides the same data loss and protection with additional benefits.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2023-04-13

updated:
2024-08-10

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

linked item details

XXXXXXX ... free basic plan only

More Info URL

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Loss of Data Protection
Without the 'Require approved client app' control, there may be an increased risk of data leakage as the control will no longer be enforced, potentially exposing sensitive information.
   - roles: IT Security Manager, Compliance Officer
   - references: https://learn.microsoft.com/azure/active-directory/conditional-access/migrate-approved-client-app

User Access Issues
Users may experience access issues if their applications are not compliant with the new 'Require application protection policy' control, leading to disruptions in their workflow.
   - roles: End User, Help Desk Support
   - references: http://aka.ms/RetireApprovedClientApp

Increased Support Tickets
The transition may lead to a surge in support tickets as users encounter issues with application access, overwhelming the IT support team.
   - roles: Help Desk Support, IT Operations Manager
   - references: https://learn.microsoft.com/azure/active-directory/conditional-access/migrate-approved-client-app

Training and Awareness Gaps
Users and administrators may not be adequately prepared for the change, leading to confusion and improper use of applications, affecting productivity.
   - roles: Training Coordinator, IT Administrator
   - references: http://aka.ms/RetireApprovedClientApp

Compliance Risks
Failure to transition to the new control may result in non-compliance with data protection regulations, exposing the organization to legal risks.
   - roles: Compliance Officer, Legal Advisor
   - references: https://learn.microsoft.com/azure/active-directory/conditional-access/migrate-approved-client-app

Configutation Options**

XXXXXXX ... paid membership only

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only

** AI generated content. This information must be reviewed before use.

a free basic plan is required to see more details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.



Last updated 2 months ago

Share to MS Teams

Login to your account

Welcome Back, We Missed You!