Intelligent policies for granular access control
Keep your workforce secure and productive by enforcing granular access control with real-time adaptive policies.
What is conditional access?
Conditional access enables organizations to configure and fine-tune access policies with contextual factors such as user, device, location, and real-time risk information to control what a specific user can access, and how and when they have access.
Azure AD conditional access
Help keep your organization secure with conditional access policies in Azure Active Directory (Azure AD) to apply the right access controls only when needed.
Device health and compliance: Mitigate risks from devices with Microsoft Endpoint Manager.
Risk detection: Automate risk detection and remediation of suspicious user accounts.
Real-time session monitoring: Monitor and control app access and sessions in real time.
Session management: Enforce policies to restrict authentication sessions without impacting all users.
Strong authentication: Create a balanced multifactor authentication policy for your environment.
Effective protection: Block legacy authentication to improve your organization’s security posture.
Insights and reporting: Understand the impact of Conditional Access policies in your organization.
Report-only mode: Evaluate the impact of Conditional Access policies before enabling them.
Conditional access is the tool used by Azure Active Directory (Azure AD) to bring signals together, make decisions, and enforce organizational policies. Help keep your organization secure using conditional access policies only when needed. This security policy enforcement engine analyzes real-time signals to make security enforcement decisions at critical checkpoints. The left side of the diagram represents how signals from users, devices, locations, apps, data labels, and risk analysis are aggregated; decisions are enforced based on the aggregated signals. The middle of the diagram shows common decisions based on signals including block, limit, allow access, or require additional steps, such as multifactor authentication or password reset. The right side of the diagram represents how a decision is enforced on apps and data once conditional access determines the appropriate action.