Conditional Access: How to Make Best Use of It to Secure Microsoft 365

• Conditional access supports several approaches to keep Microsoft 365 secure by default.
• Policy templates, default policies provided and managed by Microsoft, and recommendations for policies can make conditional access more effective.
• Customers must still design conditional access policies that fit organization structure, the perimeter to be established, and the needs of their users, contractors, and partners.

A successful implementation of Microsoft 365 conditional access (CA) policies can dramatically reduce the threats the organization may face. In particular, CA policies can enforce retirement of legacy authentication. Successful CA deployment means understanding the organization’s users, applications, partners, and their typical use cases. This report focuses on getting organizations started with CA policies and explains the key steps to design and implement CA successfully. It highlights Microsoft resources, including Microsoft-managed policies, which are typically implemented as is; policy templates that can be changed or implemented as is; and planning guides for CA for CA infrastructure. The report also highlights the Entra, Intune, and Purview licenses required by CA.