how to tell if a classic conditional access policy is being used

jpcapone 1,376 Reputation points
2024-06-14T16:56:44.57+00:00

I am responding to the deprecation classic conditional access policies and i am finding it difficult to determine if a classic conditional access policy is being evaluated. I can see that the classic policies are enabled. When I edit the policy and select the cloud application, review the sign in logs, choose an individual sign in event and check the conditional Access tab I do not see the classic conditional access policy listed. This would make me think that the classic policy is not in use. Is that accurate? What other things need to be checked?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,576 questions
0 comments No comments
{count} votes

Accepted answer
  1. akinbade abiola 8,705 Reputation points
    2024-06-15T06:31:04.3766667+00:00

    Hello jpcapone,

    Thanks for your question.

    You can see if it is enabled or disabled in the classic policies themselves.

    1. Sign in to the Microsoft Entra admin center as at least a Conditional Access Administrator.
    2. Browse to Protection > Conditional Access > Classic policies. Classic policies view

    To view if it is applied, on users.

    1. Sign in to the Microsoft Entra admin center as at least a Global Reader.
    2. Browse to Identity > Monitoring & health > Sign-in logs.
    3. Select a sign-in item from the table to view the sign-in details pane.
    4. Select the Conditional Access tab.

    This will list the access policies applied for that event.

    Regards,

    You can mark it 'Accept Answer' if this helped you

    0 comments No comments

0 additional answers

Sort by: Most helpful