web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Conditional Access for...
Power Apps
Unanswered

Conditional Access for Canvas Apps Vulnerability / MFA bypass

(1) ShareShare
ReportReport
Posted on by Hong Xian Zheng 16

I have applied conditional access policy to require MFA to my Power App by applying an authentication context to the Power App. I used the cmdlet as detailed in the official documentation from Microsoft.

 

The associated conditional access policy requires user to authenticate via MFA.

 

However when the user launches the app, the popup that prompts users to sign in/authenticate can be easily bypassed by hiding the HTML element. 

HongXianZheng_0-1683479177993.jpeg

HongXianZheng_1-1683479206944.jpeg

 

This gives users full access to the functionality of the app without actually authenticating via MFA. 

 

HongXianZheng_2-1683479253478.jpeg

 

This "Sign-In" Prompt is very different from what we see in the demo PowerCat Demo and official documentation. Does any one have any insight on how to properly implement granular MFA/conditional access policy for Canvas Apps? 

Use Inspector to Hide HTML Element.jpg
Login Prompt with 2FA enabled.PNG.jpg
Freedom of navigation and Fully Functional.jpg
Categories:
Governance & administering
I have the same question (0)
  • Hong Xian Zheng Profile Picture
    Hong Xian Zheng 16 on at

    Update 10 May:

    It seems like the problem resolved itself. The MFA works properly now and the app does not load until MFA is completed.

    HongXianZheng_1-1683731097256.png

     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the December Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
WarrenBelz Profile Picture

WarrenBelz 386 Most Valuable Professional

#2
Kalathiya Profile Picture

Kalathiya 361

#3
MS.Ragavendar Profile Picture

MS.Ragavendar 339 Super User 2025 Season 2

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans