Conditional Access and access control

Use Azure Active Directory (Azure AD) to keep your workforce secure and productive by enforcing Conditional Access and access control with real-time adaptive policies.

Try Azure Active Directory

Azure AD is now part of Microsoft Entra

Step into tomorrow with Microsoft Entra, the new family of multicloud identity and access products to help you secure access for a connected world.

Meet Microsoft Entra
Read the announcement

What is Conditional Access?

Conditional Access enables organizations to configure and fine-tune access control policies with contextual factors such as user, device, location, and real-time risk information. This helps control what a specific user can access, and how and when they have access.

Learn more

How Conditional Access works within your organization

Other apps

Enforce controls to specific apps or actions.

Hybrid on-premise apps

Secure remote access to on-premises web apps.

Office apps

Restrict access to approved, modern authentication-capable client apps.

Lumen.
"Conditional Access policies in Azure AD have been amazing for us. We defined which apps and what data employees can access from home."

—Lena Taylor, Senior Director of Enterprise Security, Lumen

Azure AD Conditional Access

Help keep your organization secure with Conditional Access policies in Azure AD to apply the right access controls only when needed.

Learn more about Azure AD
Watch the Conditional Access policies video

Device health and compliance: Mitigate risks from devices with Microsoft Endpoint Manager.

Learn more

Risk detection: Automate risk detection and remediation of suspicious user accounts.

Learn more

Real-time session monitoring: Monitor and control app access and sessions in real time.

Learn more

Session management: Enforce policies to restrict authentication sessions without impacting all users.

Learn more

Strong authentication: Create a balanced multifactor authentication policy for your environment.

Learn more

Effective protection: Block legacy authentication to improve your organization’s security posture.

Learn more

Insights and reporting: Understand the impact of Conditional Access policies in your organization.

Learn more

Report-only mode: Evaluate the impact of Conditional Access policies before enabling them.

Learn more

Take a deep dive into Azure AD authentication

Explore documentation

Additional Azure AD Conditional Access resources

Concepts

Get an overview of Azure AD feature concepts.

How-to guides

See step-by-step guides for Azure AD features.

Tutorials

Learn to deploy Azure AD features.

Quickstarts

Get started right away.

Resources

Find technical resources for Conditional Access.

Deployment

Plan your deployment.

Safeguard your organization with a seamless identity solution

Learn more about Azure AD
See pricing

Conditional Access is the tool used by Azure Active Directory (Azure AD) to bring signals together, make decisions, and enforce organizational policies. Help keep your organization secure using Conditional Access policies only when needed. This security policy enforcement engine analyzes real-time signals to make security enforcement decisions at critical checkpoints. The left side of the diagram represents how signals from users, devices, locations, apps, data labels, and risk analysis are aggregated; decisions are enforced based on the aggregated signals. The middle of the diagram shows common decisions based on signals including block, limit, allow access, or require additional steps, such as multifactor authentication or password reset. The right side of the diagram represents how a decision is enforced on apps and data once Conditional Access determines the appropriate action.