To start creating conditional access policies go to Azure (portal.azure.com), navigate to Azure AD, and select Conditional Access from under Security. You can also search from within Azure for conditional access and select the first result under Services:
- Select New policy:
- Name your policy:
- Under Assignments, click Users and groups to select who or which groups this policy will apply to:
- Select Cloud apps or actions and choose which abilities you're allowing or restricting. In my example, I'm allowing all users to access forms and flows conditionally:
- Now, you can configure the Conditions for this policy, such as excluding instances in which users are attempting to access the apps/actions from a trusted location:
- Under Access controls, select Grant and choose whether this policy is granting or blocking access if the conditions are met. In my example, I'm simply saying Grant access to forms and flows to all users as long as the device is marked as compliant. Click Select to save these details:
- If you're ready to enable the policy immediately, toggle Enable policy and click Create. You can always enable it later if you're not quite ready:
- When finished, use the What If button from the conditional access landing page to test the impact and effectiveness of your policies for particular users under specific circumstances:
Chances are, once your policies have been created, you'll want to check their performance and make sure they're behaving as intended. To do this, we need to manage our policies.