Exchange Online and SharePoint Online policy settings overview

Applicable to all sensitivity levels

Intune (Require a compliant or domain joined device)

Intune MAM for Exchange Online

Baseline

To create a new conditional access policy, log in to the Microsoft Azure portal with your administrator credentials. Then navigate to Azure Active Directory > Security > Conditional access.

Conditional access policy

Azure conditional access policy to require MFA for medium and above risk

Intune (Require a compliant or domain joined device)

Intune MAM for Exchange Online

Sensitive

Conditional access low and above risk requires MFA

Highly regulated

Conditional access policy settings for MFA required