Conditional Access
Policy-based access control that evaluates signals and enforces security requirements before granting access.
What is Conditional Access?
Conditional Access policies are if-then statements that evaluate user, device, application, location, and risk signals to make access decisions. Based on these signals, policies can grant access, require additional verification (like MFA), limit access, or block entirely. This enables organizations to balance security with user productivity by applying the right controls to the right scenarios.
In Microsoft 365
Conditional Access is a core feature of Azure AD/Entra ID P1 and above. Policies target users/groups, applications, platforms, locations, and risk levels. Actions include requiring MFA, compliant devices, terms of use acceptance, or blocking access entirely.
Examples
- 1Require MFA when signing in from outside corporate network
- 2Block access from high-risk countries
- 3Require compliant device for admin portals
- 4Require MFA for risky sign-ins
Related TrueConfig Controls
These controls help implement and verify conditional access in your Microsoft 365 environment.
Frequently Asked Questions
What is Conditional Access?▼
How does Conditional Access work in Microsoft 365?▼
What are examples of Conditional Access?▼
Which TrueConfig controls relate to Conditional Access?▼
Related Terms
Zero Trust
Security model that assumes breach and verifies every access request as though it originates from an untrusted network.
Named Location
Conditional Access feature that defines trusted or untrusted network locations based on IP addresses or countries.
Authentication Strength
Conditional Access feature that specifies which authentication methods are acceptable for a given access scenario.