Conditional Access
Conditional Access policies enforce access requirements based on signals like user, device, location, and risk level.
What is Conditional Access?
Conditional Access is an identity-driven security capability in Microsoft Entra ID that enforces access policies based on signals. It allows organizations to apply the right access controls under the right conditions.
Conditional Access Signals
- User/Group: Who is accessing
- Cloud App: What is being accessed
- Device State: Managed, compliant, hybrid joined
- Location: IP ranges, countries
- Risk Level: Sign-in and user risk
- Client App: Browser, mobile app, desktop
Access Controls
A policy can grant access (with conditions such as MFA or a compliant device), block access, or limit access (session controls).
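The following added example (not Microsoft's code) is a simplified model of how the signals above select which policies apply and how their access controls combine: a block wins, and otherwise every applicable policy's grant controls must be met. The field names follow the Microsoft Graph conditionalAccessPolicy resource; the policies, the "admins" group, the "payroll-app" name and the make_signin helper are constructed for illustration, and exclusions, device, location and session controls are left out.

```python
# Simplified model of Conditional Access evaluation; not Microsoft's engine.
# Field names follow Microsoft Graph; policies, group and app are constructed.
POLICIES = [
    {"displayName": "Require MFA for all users",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "applications": {"includeApplications": ["All"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Admins need MFA and a compliant device",
     "conditions": {"users": {"includeGroups": ["admins"]},
                    "applications": {"includeApplications": ["All"]}},
     "grantControls": {"operator": "AND",
                       "builtInControls": ["mfa", "compliantDevice"]}},
    {"displayName": "Block high-risk sign-ins",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "applications": {"includeApplications": ["All"]},
                    "signInRiskLevels": ["high"]},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
]

def applies(policy, signin):
    """True when every condition the policy sets matches the sign-in signals."""
    cond = policy["conditions"]
    users = cond["users"]
    included = users.get("includeUsers", [])
    user_ok = ("All" in included or signin["user"] in included
               or bool(set(users.get("includeGroups", [])) & set(signin["groups"])))
    apps = cond["applications"]["includeApplications"]
    app_ok = "All" in apps or signin["app"] in apps
    risks = cond.get("signInRiskLevels", [])  # empty means risk is not a condition
    return user_ok and app_ok and (not risks or signin["risk"] in risks)

def evaluate(policies, signin):
    """Return (decision, names of applicable policies)."""
    matched = [p for p in policies if applies(p, signin)]
    names = [p["displayName"] for p in matched]
    # Block wins over any grant, whatever else matched.
    if any("block" in p["grantControls"]["builtInControls"] for p in matched):
        return "block", names
    # Otherwise every applicable policy must have its grant controls met.
    for p in matched:
        grant = p["grantControls"]
        met = [c in signin["satisfied"] for c in grant["builtInControls"]]
        if not (all(met) if grant["operator"] == "AND" else any(met)):
            return "unmet", names
    return "grant", names

def make_signin(user, groups, risk, satisfied):
    return {"user": user, "groups": groups, "app": "payroll-app",
            "risk": risk, "satisfied": set(satisfied)}
```

Here "satisfied" stands for the controls the sign-in has already completed; an "unmet" result corresponds to the point where the user would be prompted for MFA or refused for lacking a compliant device.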
Common Misconceptions
- "Conditional Access is just MFA" - Much broader scope
- "One policy covers everything" - Multiple policies needed
- "Conditional Access blocks users" - Can also grant access with conditions