All permanent Global Admins under All CA excluded shows failed.
It is set for all "User and group" policies but on a policy that is for "Agents (Preview) you can't set a user exclusion. This needs to be accounted for on this check.
I believe it is failing on the "Block AI Agents with High Risk Policy" where the Assignments is:
- What does this policy apply to: Agents (Preview) versus Users and Groups
- Include: is "All agent identities"
- Exclude: does not allow you to select a user only agent identity
You can create and test against this policy.
https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-agent-block-high-risk
Mark
All permanent Global Admins under All CA excluded shows failed.
It is set for all "User and group" policies but on a policy that is for "Agents (Preview) you can't set a user exclusion. This needs to be accounted for on this check.
I believe it is failing on the "Block AI Agents with High Risk Policy" where the Assignments is:
You can create and test against this policy.
https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-agent-block-high-risk
Mark