Skip to content

Microsoft docs

Jump to bottom
Alexander Filipin edited this page Dec 2, 2020 · 8 revisions

Plan a Conditional Access deployment

Follow best practices

  • Apply CA policies to every app
  • Minimize the number of CA policies
  • Set up emergency access accounts
  • Set up report-only mode
  • Plan for disruption
  • Set naming standards for your policies
  • Exclude countries from which you never expect a sign-in.

Common policies

  • Require MFA
  • Respond to potentially compromised accounts
  • Require managed devices
  • Require approved client applications
  • Block access

Common Conditional Access policies

  • Block legacy authentication
  • Require MFA for administrators
  • Require MFA for Azure management
  • Require MFA for all users
  • Sign-in risk-based Conditional Access
  • User risk-based Conditional Access
  • Secure security info registration
  • Block access by location
  • Require compliant devices
  • Block access

Create a resilient access control management strategy with Azure Active Directory

Five steps to securing your identity infrastructure: Step 3 - Automate threat response

How To: Configure and enable risk policies

Identity and device access configurations: Applying these capabilities across the three tiers of protection

Common identity and device access policies

Clone this wiki locally