Intelligent policies for granular access control

Keep your workforce secure and productive by granting access based on contextual factors such as user, device, location, and session-risk information.

Three vertical images show people using a mobile device in an office, a laptop in an airplane, and a tablet in a construction site.

Enforce risk-based adaptive access policies

Secure access to resources

Protect against identity compromise and help ensure only verified users and trustworthy devices can access resources.

Protect all apps and data

Improve visibility and control over access and activities across all apps and data.

Seamless end-user experience

Give users on any device or network secure access to resources.

What is Azure AD Conditional Access?

Conditional Access enables organizations to configure and fine-tune access policies with contextual factors such as user, device, location, and real-time risk information to control what a specific user can access and how and when they have access.

Conditional Access is the tool used by Azure Active Directory to bring signals together, to make decisions, and enforce organizational policies. By using Conditional Access policies, you can apply the right access controls when needed to keep your organization secure and stay out of your user's way when not needed. This security policy enforcement engine analyzes real-time signals to make security enforcement decisions at critical checkpoints. On the left side, signals from users, devices, location, applications, data labels, risk analysis, are aggregated and based on the signals and decisions are enforced. In the middle, common decisions includes block, limit, allow access or required additional steps such as MFA or password reset are determined based on signals. Once Conditional Access determines the appropriate action, it’s enforced on apps and data on the right.


Aggregate signals across users, devices, app sensitivity, sessions, and real-time and calculated risk detections to make informed access decisions.


Verify every access attempt and apply the controls you need to help keep your organization secure.


Apply granular policies and move beyond simple access/block decisions to support end-user productivity and strengthen security.

Conditional Access conditions and controls

Ensure secure productivity with the right controls.

User or group membership

Enforce fine grained access to specific users and groups based on location, network, and device.

Device health and compliance

Mitigate risks from devices with Microsoft Endpoint manager.

Real-time and calculated risk detection

Automate risk detection and remediation of suspicious user accounts.

Real-time session monitoring

Monitor and control app access and sessions in real time with Microsoft Cloud App Security in-session controls.

Session management

Enforce policies to restrict authentication sessions without impacting all users.

Strong authentication

Create a balanced multi-factor authentication policy for your environment.

Block legacy authentication

Block legacy authentication to improve your organization's security posture.

Insights and reporting

Understand the impact of Conditional Access policies in your organization over time.

Report-only mode

Evaluate the impact of Conditional Access policies before enabling them.

More on adaptive access

Best practices for Conditional Access

Learn about best practices for Conditional Access in Azure Active Directory.

Secure remote access

Learn about best practices and tips for today’s organization.

Azure Active best practices for managing remote workforce

Learn how you can quickly and easily get Azure Active Directory up and running and be the hero of your organization.