Conditional Access and access control

Use Azure Active Directory (Azure AD) to keep your workforce secure and productive by enforcing Conditional Access and access control with real-time adaptive policies.

What is Conditional Access?

Conditional Access enables organizations to configure and fine-tune access control policies with contextual factors such as user, device, location, and real-time risk information. This helps control what a specific user can access, and how and when they have access.

How Conditional Access works within your organization

Other apps

Enforce controls on specific apps or actions.

Hybrid on-premises apps

Secure remote access to on-premises web apps.

Office apps

Restrict access to approved, modern authentication-capable client apps.

"Conditional Access policies in Azure AD have been amazing for us. We defined which apps and what data employees can access from home."

—Lena Taylor, Senior Director of Enterprise Security, Lumen

Azure AD Conditional Access

Help keep your organization secure with Conditional Access policies in Azure AD to apply the right access controls only when needed.

Device health and compliance: Mitigate risks from devices with Microsoft Endpoint Manager.

Risk detection: Automate risk detection and remediation of suspicious user accounts.

Real-time session monitoring: Monitor and control app access and sessions in real time.

Session management: Enforce policies to restrict authentication sessions without impacting all users.

Strong authentication: Create a balanced multifactor authentication policy for your environment.

Effective protection: Block legacy authentication to improve your organization’s security posture.

Insights and reporting: Understand the impact of Conditional Access policies in your organization.

Report-only mode: Evaluate the impact of Conditional Access policies before enabling them.

Take a deep dive into Azure AD authentication

Additional Azure AD Conditional Access resources


Get an overview of Azure AD feature concepts.

How-to guides

See step-by-step guides for Azure AD features.


Learn to deploy Azure AD features.


Get started right away.


Find technical resources for Conditional Access.


Plan your deployment.

Safeguard your organization with a seamless identity solution

Conditional Access is the tool used by Azure Active Directory (Azure AD) to bring signals together, make decisions, and enforce organizational policies. Help keep your organization secure by applying Conditional Access policies only when needed. This security policy enforcement engine analyzes real-time signals to make security enforcement decisions at critical checkpoints.

The left side of the diagram represents how signals from users, devices, locations, apps, data labels, and risk analysis are aggregated; decisions are enforced based on the aggregated signals. The middle of the diagram shows common decisions based on signals, including block, limit, allow access, or require additional steps such as multifactor authentication or password reset. The right side of the diagram represents how a decision is enforced on apps and data once Conditional Access determines the appropriate action.