How multiple conditional access policies are applied in Azure?

Lt. Columbo 316 Reputation points
2022-09-13T05:50:55.743+00:00

Hi guys,

There are 5 conditional access policies.

240335-azure-cap.jpg

240313-azure-cap-2.jpg

240348-azure-cap-3.jpg

Block International block access to all users from all countries except the US.
Block Intntl Except UK is applied to user A and block all countries except the UK.
User A at the moment the UK and cannot access Microsoft 365 services.
When I run What If only Block International policy is applied and Block Intntl Except UK is not.

240381-azure-cap-4.jpg

Could you please advise why is could be so.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,413 questions
{count} votes

Accepted answer
  1. SubhashSharma-MSFT 666 Reputation points Microsoft Employee
    2022-09-16T04:47:40.163+00:00

    Hi @Lt. Columbo

    Thank you for sharing the details over message.

    As both the user and location is Included and not Excluded, it is expected that the sign in from UK is being blocked due to policy configuration of 'Block International'.
    In the WhatIf test, 'Block International' policy is applied because the location is Included and does not apply 'Block Intntl Except UK' because UK is excluded.

    If multiple policies are in scope then most restrictive policy is enforced. For details please review Assigning policies to groups and users

    To fix this, you can choose to exclude the user from 'Block International' policy, re-evaluate the Named location configuration or update the Grant controls.

    I hope this helps in resolving the issue.

    ----------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    3 people found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.