Disable option to create Conditional Access Policy when Passthrough authentication is enabled
When Passthrough Authentication is enabled for an app published through App Proxy, the authentication process is offloaded to the Idp the company uses.
Because of that, authentication requests cannot be evaluated for Conditional Access.
Thus, turning on Passthrough, should automatically prevent users from creating CAP for the application. Currently, the What-If tool will show that the policy will apply when in reality it won't.
This documented here :
This behavior already exists for Single-sign on
Thank you for sharing your feedback. We are reviewing this to see how we can improve the experience based on your feedback.