Conditional Access Policy Designer

Tell us which Conditional Access policies you have in place and get a complete policy matrix with recommended configurations, gap analysis, and implementation guidance.

Foundational Policies

The baseline policies every tenant should have.

Is legacy authentication blocked?

POP, IMAP, SMTP AUTH, older ActiveSync — these bypass MFA.

Is MFA required for all admin accounts?

Is MFA required for all users?

Device & Compliance

Policies that control device access and compliance requirements.

Is device compliance required for access?

Requires Intune compliance policies.

Are non-compliant/unmanaged devices restricted?

Is admin portal access restricted to compliant devices?

Risk & Intelligence

Policies that use Entra ID Protection risk signals.

Is a sign-in risk policy configured?

Detects suspicious sign-in behaviour (impossible travel, unfamiliar locations).

Is a user risk policy configured?

Detects compromised credentials found in breach databases.

Session & Application Controls

Policies for session management and application protection.

Are session lifetime controls configured?

Is an app protection policy required for mobile?

Are location-based access controls configured?

Are terms of use required?