web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Conditional Access for...
Power Apps
Unanswered

Conditional Access for Canvas Apps Vulnerability / MFA bypass

(1) ShareShare
ReportReport
Posted on by Hong Xian Zheng 16

I have applied conditional access policy to require MFA to my Power App by applying an authentication context to the Power App. I used the cmdlet as detailed in the official documentation from Microsoft.

 

The associated conditional access policy requires user to authenticate via MFA.

 

However when the user launches the app, the popup that prompts users to sign in/authenticate can be easily bypassed by hiding the HTML element. 

HongXianZheng_0-1683479177993.jpeg

HongXianZheng_1-1683479206944.jpeg

 

This gives users full access to the functionality of the app without actually authenticating via MFA. 

 

HongXianZheng_2-1683479253478.jpeg

 

This "Sign-In" Prompt is very different from what we see in the demo PowerCat Demo and official documentation. Does any one have any insight on how to properly implement granular MFA/conditional access policy for Canvas Apps? 

Use Inspector to Hide HTML Element.jpg
Login Prompt with 2FA enabled.PNG.jpg
Freedom of navigation and Fully Functional.jpg
Categories:
Governance & administering
I have the same question (0)
  • Hong Xian Zheng Profile Picture
    Hong Xian Zheng 16 on at

    Update 10 May:

    It seems like the problem resolved itself. The MFA works properly now and the app does not load until MFA is completed.

    HongXianZheng_1-1683731097256.png

     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the January Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
Haque Profile Picture

Haque 88

#2
WarrenBelz Profile Picture

WarrenBelz 85 Most Valuable Professional

#3
Valantis Profile Picture

Valantis 45

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans