Hi all just configured and tested Cloudflare Access with Microsoft Azure AD as authentication provider. Setup is easy and works perfectly well.
I do have discovered a potential flow of the product. So if you setup Cloudflare access and have an A record (e.g ABC.domain.tld) proxied through Cloudflare all is good, Access page shown and authentication requested. IF you create a CNAME (DCE.domain.tld) point to your ABC.domain.tld record, Cloudflare Access is actually getting bypassed and original server is exposed
Could be a misconfiguration concept for anyone but i would rather say its a flaw, as this could expose someone without knowing about it