What is Conditional Access?
The modern security perimeter now extends beyond an organization's network to include user and device identity. Organizations can use identity-driven signals as part of their access control decisions.

Conditional Access brings signals together to make decisions and enforce organizational policies. Azure AD Conditional Access is at the heart of the new identity-driven control plane.

Conditional Access policies at their simplest are if-then statements: if a user wants to access a resource, then they must complete an action. Example: A payroll manager wants to access the payroll application and is required to do multi-factor authentication to access it.

Administrators are faced with two primary goals:
Use Conditional Access policies to apply the right access controls when needed to keep your organization secure.

Important: Conditional Access policies are enforced after first-factor authentication is completed. Conditional Access isn't intended to be an organization's first line of defense for scenarios like denial-of-service (DoS) attacks, but it can use signals from these events to determine access.

Common signals

Common signals that Conditional Access can take into account when making a policy decision include the following signals:
Common decisions
Commonly applied policies

Many organizations have common access concerns that Conditional Access policies can help with such as:
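The payroll example from the introduction, written in the shape of a Microsoft Graph conditionalAccessPolicy object. This is an added example, not part of the original article; the group and application IDs are placeholders, and the policy is created in report-only state so its effect can be reviewed in sign-in logs before it is enforced.

```json
{
  "displayName": "EXAMPLE - Require MFA for payroll application",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "clientAppTypes": ["all"],
    "users": {
      "includeGroups": ["<payroll-managers-group-object-id>"]
    },
    "applications": {
      "includeApplications": ["<payroll-application-app-id>"]
    }
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": ["mfa"]
  }
}
```

The `conditions` object is the "if" half of the statement (who is signing in, and to which resource), and `grantControls` is the "then" half (the action the user must complete).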
License requirements

Using this feature requires Azure AD Premium P1 licenses. To find the right license for your requirements, see Compare generally available features of Azure AD.

Customers with Microsoft 365 Business Premium licenses also have access to Conditional Access features.

Risk-based policies require access to Identity Protection, which is an Azure AD P2 feature.

Other products and features that may interact with Conditional Access policies require appropriate licensing for those products and features.

Next steps