Network-25396: Conditional Access policies enforce strong authentication for private apps #744

praneeth-0000 · 2026-01-05T13:53:15Z

Added test for 25396

Conditional Access policies enforce strong authentication for private apps

Copilot

Pull request overview

This PR adds a new security assessment test (ID: 25396) that validates whether Conditional Access policies enforce strong authentication methods for Private Access applications within Microsoft Entra Global Secure Access.

Key changes:

Implements comprehensive test logic to evaluate Private Access applications (both Per-app and Quick Access types) for CA policy coverage requiring MFA or authentication strength
Introduces sophisticated authentication strength classification (Phishing-Resistant, Passwordless MFA, MFA baseline)
Provides detailed reporting with manual review capability for apps protected via applicationFilter-based policies

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
src/powershell/tests/Test-Assessment.25396.ps1	New test function that queries Private Access apps, evaluates CA policy coverage, classifies authentication strength levels, and generates detailed compliance reports with pass/fail/investigate status
src/powershell/tests/Test-Assessment.25396.md	Documentation explaining security risks of unprotected private apps and providing remediation guidance with links to Microsoft Learn articles

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

src/powershell/tests/Test-Assessment.25396.ps1

alexandair

@praneeth-0000 Please, address my feedback.

src/powershell/tests/Test-Assessment.25396.ps1

praneeth-0000 · 2026-01-15T04:55:33Z

@praneeth-0000 Please, address my feedback.

Hi @alexandair , I've updated the logic for classifying phishing resistant auth level. You were right, according to updated docx, all combinations in allowedCombinations should have at least 1 phishing resistant method.

Copilot

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 6 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

src/powershell/tests/Test-Assessment.25396.ps1

src/powershell/tests/Test-Assessment.25396.md

Test 25396

7c5b06c

alexandair requested a review from Copilot January 5, 2026 14:02

Copilot started reviewing on behalf of alexandair January 5, 2026 14:07 View session

Copilot AI reviewed Jan 5, 2026

View reviewed changes

src/powershell/tests/Test-Assessment.25396.ps1 Show resolved Hide resolved

praneeth-0000 added 2 commits January 6, 2026 10:10

Changed user facing messages and beautified code

9afd381

fixed casing in table headers

9a81ac6

praneeth-0000 self-assigned this Jan 6, 2026

praneeth-0000 added enhancement New feature or request ready for review PR is ready for review and merging labels Jan 6, 2026

praneeth-0000 requested review from SagarSathe, alexandair and tdetzner January 6, 2026 04:47

praneeth-0000 marked this pull request as ready for review January 6, 2026 05:15

praneeth-0000 added 2 commits January 6, 2026 11:00

fixed user facing messages

3ffa3e8

moved portal links to bottom

21fd120

praneeth-0000 marked this pull request as draft January 9, 2026 03:39

combined q1 and q4 queries and simplified logic

943356d

praneeth-0000 marked this pull request as ready for review January 9, 2026 05:02

alexandair requested changes Jan 9, 2026

View reviewed changes

src/powershell/tests/Test-Assessment.25396.ps1 Outdated Show resolved Hide resolved

src/powershell/tests/Test-Assessment.25396.ps1 Show resolved Hide resolved

praneeth-0000 added 4 commits January 9, 2026 19:25

added logic to handle empty csa

c7ada61

Changed logic for checking auth strength

9ae3fe2

moved portal link to table header

d0c9deb

Updated phishing resistant logic according to docx

1a4dc87

praneeth-0000 requested a review from alexandair January 15, 2026 04:52

alexandair requested a review from Copilot January 15, 2026 07:45

Copilot started reviewing on behalf of alexandair January 15, 2026 07:46 View session

Copilot AI reviewed Jan 15, 2026

View reviewed changes

added and removed spaces as suggested by copilot

4136445

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Network-25396: Conditional Access policies enforce strong authentication for private apps #744

Network-25396: Conditional Access policies enforce strong authentication for private apps #744

praneeth-0000 commented Jan 5, 2026

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

alexandair left a comment

Uh oh!

Uh oh!

Uh oh!

praneeth-0000 commented Jan 15, 2026

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Network-25396: Conditional Access policies enforce strong authentication for private apps #744

Are you sure you want to change the base?

Network-25396: Conditional Access policies enforce strong authentication for private apps #744

Conversation

praneeth-0000 commented Jan 5, 2026

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Uh oh!

alexandair left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

praneeth-0000 commented Jan 15, 2026

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants