Conditional Access
Microsoft Entra ID policies that gate sign-in based on user, device, location, app risk, and authentication strength.
Definition
Conditional Access is the policy engine inside Microsoft Entra ID that evaluates each sign-in attempt and decides whether to allow, block, or require an additional factor. Common rules: require MFA from outside the corporate network, block legacy auth, require a compliant Intune-managed device. It is the central control point for Microsoft enterprise tenants.
When to use
See also
- Microsoft Entra ID — Microsoft's cloud identity provider (formerly Azure AD) — the directory behind Microsoft 365 and Azure SSO.
- MFA — Multi-factor authentication — a second verification step (TOTP, hardware key, push) on top of a password.