M365 Archive

MC540749 - Plan for Change: "Require approved client app" control in Azure AD Conditional Access will be retired in March 2026

Message Center

This announcement expired on Mar 31, 2026 and is no longer active in Message Center.

Message ID

MC540749

View in Message Center

Published

Apr 13, 2023

View version history

Service

Microsoft Intune

Tag

Admin impact
Retirement

More information

In March 2026, Azure Active Directory (Azure AD) and Microsoft Intune will retire the Conditional Access “Require approved client app” grant control. Instead we recommend utilizing the "Require application protection policy" grant control, which provides the same data loss and protection with additional benefits.

How this will affect your organization:

If you have a Conditional Access policy with "Require approved client app" grant control configured, after this change, you will no longer be able to enforce this control, it will be as if this grant is not selected.

What you need to do to prepare:

We recommend updating your Conditional Access policy to using the "Require application protection policy" grant control. For more information, see Migrate approved client app to application protection policy in Conditional Access.

Related posts

Referenced by (2)

Posts that mention this one.

Version history

2 versions tracked

Updated 1 time since Apr 13, 2023. Microsoft Message Center only ever shows the current version; this archive preserves the history.

Compare latest to previous (v1)

Compare any two versions

From
To
  1. Apr 13, 2023 · 12:00 AMLatest · v2

    Changed: Body

  2. Apr 13, 2023 · 12:00 AMOriginal · v1

    Changed: Initial version

    View this versionCompare to latest