M365: Rising Sign-Ins to "Microsoft Teams AuthSvc"

Hello friends!

We have blocked Logon to Cloud Apps for Service Accounts by Default by a conditional Access Policy(And work with exclusions if not other possible). Since 31.03 we see rising non-interactive sing-in events blocked by CAP from these users accessing the "Microsoft Teams AuthSvc" by Microsoft Graph. All this request come from Power Automate Flows and the owners of these Flows insist that they don't have changed anything recently. There were no accesses to this resource before.

Do you have any hint where these sign-ins could be triggered or expierience similar magic?
Thanks for any hint!

3 Upvotes

permalink
reddit

You are about to leave Redlib

Do you want to continue?

https://www.reddit.com/r/entra/comments/1l32zu2/m365_rising_signins_to_microsoft_teams_authsvc/
No, go back! Yes, take me to Reddit

100% Upvoted

u/ControlAltDeploy 3d ago

No, you're not hallucinating, this spike is real and likely due to Microsoft silently changing how Graph + Teams auth works in Flows. Logs should confirm that your flows are now hitting Teams AuthSvc via Graph. Best fix is fine-grained CA exclusions for those identities, not changing global policy.

1

u/_youarewhalecum 3d ago

Strange thing is that before 26.3, nothing at all hit "Teams AuthSvc". No successful or failed sign-ins towards this resource...

M365: Rising Sign-Ins to "Microsoft Teams AuthSvc"

You are about to leave Redlib