Common Conditional Access policies

Security defaults are great for some, but many organizations need more flexibility than they offer. Many organizations need to exclude specific accounts, like their emergency access or break-glass administration accounts, from Conditional Access policies. The policies referenced in this article can be customized based on organizational needs. Organizations can use report-only mode for Conditional Access to determine the results of new policy decisions.

Conditional Access templates (Preview)

Conditional Access templates are designed to provide a convenient method to deploy new policies aligned with Microsoft recommendations. These templates are designed to provide maximum protection aligned with commonly used policies across various customer types and locations.

Conditional Access policies and templates in the Azure portal.

The 14 policy templates are split into policies that would be assigned to user identities or devices. Find the templates in the Azure portal > Azure Active Directory > Security > Conditional Access > Create new policy from template.

Create a Conditional Access policy from a preconfigured template in the Azure portal.

Important

Conditional Access template policies will exclude only the user creating the policy from the template. If your organization needs to exclude other accounts, open the policy and modify the excluded users and groups to include them.

By default, each policy is created in report-only mode. We recommend that organizations test and monitor usage to ensure the intended result before turning each policy on.

* These four policies, when configured together, provide functionality similar to that enabled by security defaults.

Organizations not comfortable allowing Microsoft to create these policies can create them manually by copying the settings from View policy summary or use the linked articles to create policies themselves.
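A check for the exclusion caveat above, as an added example that is not part of the original article or Microsoft's tooling: it scans policy objects shaped like Microsoft Graph `conditionalAccessPolicy` resources and reports every policy that does not exclude all emergency access accounts, graded by whether the policy is enforced or still in report-only mode. The sample policies, GUIDs and the `audit_exclusions` helper are constructed for illustration, and a group exclusion is assumed to cover every emergency access account.

```python
# State value Microsoft Graph uses for a policy in report-only mode.
REPORT_ONLY = "enabledForReportingButNotEnforced"

# Constructed sample data: GUIDs and policy names are made up.
BREAKGLASS_USERS = ["00000000-0000-0000-0000-0000000000b1",
                    "00000000-0000-0000-0000-0000000000b2"]
BREAKGLASS_GROUPS = ["00000000-0000-0000-0000-0000000000a1"]
CREATOR = "00000000-0000-0000-0000-0000000000c1"

def policy(name, state, users=(), groups=()):
    """Build a minimal conditionalAccessPolicy-shaped dict."""
    return {"displayName": name, "state": state,
            "conditions": {"users": {"includeUsers": ["All"],
                                     "excludeUsers": list(users),
                                     "excludeGroups": list(groups)}}}

SAMPLE_POLICIES = [
    # Fresh from a template: only the creating user is excluded.
    policy("Require MFA for all users", REPORT_ONLY, users=[CREATOR]),
    # Enforced, but one emergency access account was forgotten.
    policy("Block legacy authentication", "enabled",
           users=[CREATOR, BREAKGLASS_USERS[0]]),
    # Enforced and excluded through the emergency access group.
    policy("Require MFA for admins", "enabled", groups=BREAKGLASS_GROUPS),
]

def audit_exclusions(policies, breakglass_users, breakglass_groups=()):
    """Return a finding for each policy that fails to exclude every
    emergency access account, directly or via an excluded group."""
    findings = []
    for p in policies:
        users = p.get("conditions", {}).get("users", {})
        # Assumption: every emergency access account is a member of
        # each group in breakglass_groups, so one match is enough.
        if set(users.get("excludeGroups") or []) & set(breakglass_groups):
            continue
        missing = sorted(set(breakglass_users)
                         - set(users.get("excludeUsers") or []))
        if not missing:
            continue
        state = p.get("state", "disabled")
        severity = {"enabled": "lockout-risk",
                    REPORT_ONLY: "fix-before-enabling"}.get(state, "inactive")
        findings.append({"policy": p.get("displayName"), "state": state,
                         "severity": severity, "missing": missing})
    return findings

if __name__ == "__main__":
    for f in audit_exclusions(SAMPLE_POLICIES, BREAKGLASS_USERS, BREAKGLASS_GROUPS):
        print(f["severity"], f["policy"], "missing:", ", ".join(f["missing"]))
```

Run it over the policy list exported from the tenant before switching any template policy from report-only to on.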

Other policies

Emergency access accounts

More information about emergency access accounts and why they're important can be found in the following articles:

Next steps