2
votes

In MS Azure does Conditional Access apply to scenarios where you acquire an access token towards an application programmatically/non-interactively (for example using ADAL or manually via token endpoint)?

I have a Web App in Azure with Azure AD Authentication/Easy Auth configured and a Conditional Access Policy applied/targeting the application.

When attempting to access the Web App interactively in a browser, the Conditional Access Policy applies as expected.

When I attempt to acquire an access token for the same application using a Service Principal programmatically/non-interactively (client credentials grant/flow) the Conditional Access Policy targeting the application does not seem to apply and I can acquire tokens from any location as well as use them from any location.

I do not see any related settings in Conditional Access within Azure which would ensure policies are applied to specific grant scenarios/flows or just interactive processes.

Which leads me to ask: does anyone know whether Conditional Access policies apply to such grants/flows that are executed non-interactively?


1 Answer

1
votes

I do not see any related settings in Conditional Access within Azure which would ensure policies are applied to specific grant scenarios/flows or just interactive processes.

You're right. It can only work for user interface authentication, though it may not be made clear in the documentation.

First, Conditional Access has some requirements:

You can use Azure AD conditional access to protect cloud apps when an authentication attempt comes from:

  • A web browser

  • A client app that uses modern authentication

  • Exchange ActiveSync

A client app that uses modern authentication: this is based on ADAL, so it also needs a user sign-in.
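Since the answer's point is that Conditional Access is evaluated on user sign-ins and not on tokens a service principal obtains with the client credentials grant, a resource such as the Web App in the question can at least tell the two kinds of token apart and decide for itself whether to accept app-only tokens. The following Python is an added example written for this page; it is not code from the question, the answer, or Microsoft. It assumes the usual claim shapes of Azure AD access tokens (a delegated token carries `scp` and user claims such as `upn`; an app-only token from the client credentials flow carries `roles` without `scp`; the optional `idtyp` claim, when present, is `app` or `user`), and the tokens it works on are constructed and unsigned for illustration. Signature validation against the tenant's signing keys is assumed to happen before the classification and is not shown.

```python
"""Classify an Azure AD access token as delegated (user sign-in) or app-only.

Added example for this page, not code from the question, the answer or Microsoft.
Assumptions (labelled): delegated tokens carry 'scp' (and user claims such as
'upn'); app-only tokens from the client credentials grant carry 'roles' and no
'scp'; the optional 'idtyp' claim is 'app' or 'user' when present.  Sample
tokens are constructed and unsigned; a real resource validates the signature
before trusting any claim.
"""
import base64
import json
from typing import Any, Dict


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_unsigned_jwt(claims: Dict[str, Any]) -> str:
    """Build a constructed, unsigned JWT (alg 'none') for demonstration only."""
    header = {"alg": "none", "typ": "JWT"}
    return (
        _b64url_encode(json.dumps(header).encode())
        + "."
        + _b64url_encode(json.dumps(claims).encode())
        + "."
    )


def decode_claims(token: str) -> Dict[str, Any]:
    """Return the payload claims of a compact JWT (signature NOT verified here)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def classify_token(claims: Dict[str, Any]) -> str:
    """Return 'delegated', 'app-only' or 'unknown' from the token's claim shape."""
    # 'idtyp' is an optional claim; when the tenant emits it, it is authoritative.
    idtyp = claims.get("idtyp")
    if idtyp == "app":
        return "app-only"
    if idtyp == "user":
        return "delegated"
    # Fallback on claim shape: 'scp' only appears on delegated tokens, while
    # 'roles' without 'scp' or a user principal is the client-credentials shape.
    if "scp" in claims:
        return "delegated"
    if "roles" in claims and "upn" not in claims:
        return "app-only"
    return "unknown"


def backed_by_user_sign_in(token: str) -> bool:
    """True only for delegated tokens, i.e. the kind that passed through a user
    sign-in where Conditional Access is evaluated.  A resource that wants CA to
    have applied can reject everything else (after signature validation)."""
    return classify_token(decode_claims(token)) == "delegated"


# Constructed sample tokens (hypothetical tenant, app and user values).
USER_TOKEN = make_unsigned_jwt({
    "aud": "api://example-web-app",
    "iss": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
    "upn": "alice@contoso.example",
    "oid": "11111111-1111-1111-1111-111111111111",
    "scp": "user_impersonation",
})

APP_TOKEN = make_unsigned_jwt({
    "aud": "api://example-web-app",
    "iss": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
    "appid": "22222222-2222-2222-2222-222222222222",
    "roles": ["Data.Read"],
    "idtyp": "app",
})

# Same service principal but without the optional 'idtyp' claim.
APP_TOKEN_NO_IDTYP = make_unsigned_jwt({
    "aud": "api://example-web-app",
    "appid": "22222222-2222-2222-2222-222222222222",
    "roles": ["Data.Read"],
})

if __name__ == "__main__":
    for name, tok in [("user", USER_TOKEN), ("app", APP_TOKEN),
                      ("app (no idtyp)", APP_TOKEN_NO_IDTYP)]:
        print(f"{name:15s} -> {classify_token(decode_claims(tok))}, "
              f"user sign-in: {backed_by_user_sign_in(tok)}")
```

The classification is a policy hook, not a replacement for token validation: the resource still has to verify the signature, issuer, audience and expiry first. It simply makes explicit which tokens reached the app via a user sign-in (where the Conditional Access policy from the question was evaluated) and which arrived through a non-interactive grant that the policy never saw.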