Assistance Needed for Setting Up MFA Conditional Access Policies in Azure

Jared 0 Reputation points
2025-01-23T17:38:49.7966667+00:00

Struggling to set up MFA conditional access policies for an Azure account. The free trial of Entra ID PD1 does not recognize the Azure account email used for signing in, prompting the creation of a new one. How can conditional access policies be created for the existing Azure account in this scenario? The tutorials are too complicated, leading to confusion. Currently on the basic tier of Entra ID but need to upgrade to create conditional access policies for compliance. Seeking basic level instructions to overcome this challenge.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

2 answers

  1. Q&A Assist
    2025-01-23T17:38:49.83+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    To set up MFA conditional access policies for your Azure account, you will need to ensure that you have the appropriate permissions and that your account is upgraded to a tier that supports conditional access policies. Here are the basic steps to create conditional access policies:

    1. Upgrade Your Entra ID: Since you mentioned being on the basic tier, you will need to upgrade to a tier that supports conditional access policies. This is typically the Premium P1 or P2 tier.
    2. Sign In to Microsoft Entra Admin Center: Use an account that has the role of Conditional Access Administrator. If your current Azure account email is not recognized, you may need to create a new account or ensure that your existing account is properly set up.
    3. Navigate to Conditional Access: Once signed in, go to Protection > Security Center > Conditional Access.
    4. Create a New Policy: Click on + New policy and then select Create new policy. Give your policy a meaningful name.
    5. Configure Assignments: Under the Assignments section, select Users and groups. You can choose specific users or groups to which the policy will apply.
    6. Select Cloud Apps: Under Cloud apps or actions, select the applications that the policy will apply to, such as the Azure VPN Client app.
    7. Set Access Controls: Under Access controls, select Grant and choose Require multifactor authentication.
    8. Enable the Policy: Finally, make sure to enable the policy by selecting On and then click Create to apply the policy.

    If you are facing issues with your Azure account being unrecognized, consider reaching out to Microsoft support for assistance on account setup and permissions.


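The portal steps in the Q&A Assist answer above (assign users, pick cloud apps, require MFA, enable) can also be scripted with Microsoft Graph PowerShell. This is an added example, not part of either answer. It assumes the Microsoft.Graph module is installed, the tenant already has a license that supports Conditional Access, and a group named `CA-MFA-Pilot` exists (a hypothetical name). Targeting all cloud apps and starting in report-only mode before switching to On are choices made for this example.

```powershell
# Added example: Graph PowerShell equivalent of the portal steps above.
# 'CA-MFA-Pilot' and the policy display name are hypothetical placeholders.

# Step 2: sign in with an account that can manage Conditional Access.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess',
                        'Policy.Read.All',
                        'Application.Read.All',
                        'Group.Read.All'

# Step 5: resolve the group the policy will apply to.
$group = @(Get-MgGroup -Filter "displayName eq 'CA-MFA-Pilot'")
if ($group.Count -ne 1) {
    throw "Expected exactly one group named 'CA-MFA-Pilot', found $($group.Count)."
}

$policy = @{
    # Step 4: a meaningful name.
    displayName   = 'Require MFA - pilot group (example)'
    # Report-only first, so sign-in logs show the effect before anything is enforced.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        # Step 5: users and groups.
        users          = @{ includeGroups = @($group[0].Id) }
        # Step 6: cloud apps ('All' here; an app ID can be listed instead).
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    # Step 7: grant access only with multifactor authentication.
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# Step 8: after reviewing the report-only results, switch the policy to On.
# Update-MgIdentityConditionalAccessPolicy `
#     -ConditionalAccessPolicyId $created.Id `
#     -BodyParameter @{ state = 'enabled' }
```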

  2. Navya 15,150 Reputation points Microsoft Vendor
    2025-01-24T10:31:52.72+00:00

    Hi @Jared

    I understand that you want to set up MFA Conditional Access Policies in Azure/Microsoft Entra ID, but you don't have the required license. When you try to get a free trial of the Entra ID license, your account is not recognized.

    To create a conditional access policy, a premium license is required. To sign up for a free trial of Entra ID, please create a new user and try to activate the P2 trial version license. Follow the steps below.
    1. Sign in to Microsoft Entra ID and create a new user.

    2. Assign the Global Administrator role to the user and reset that user's password.

    3. Activate the free Entra ID P2 trial: Microsoft Entra ID P2 Trial

    4. Use the UPN (from step 2) for the email address.

    It will state that this username is being used by another MS Service and gives you the opportunity to log in with that user. Log in using the password you set earlier.

    You should then be redirected to a page that shows you the Entra ID P2 trial with a “Try now” button. After activating the trial, you should - might - get a few error/configuration messages stating that the Sold-to address and Registration number need amending first.

    5. In the MS365 Admin Center (which you are redirected to), check that the Billing accounts default directory correlates to the email address you used to create the Azure Free Account. (You should have the same created users as you do in the Free Azure account.)

    6. Amend the Sold-to address details, check the Registration number from the Billing Accounts section, and then add a valid payment method.

    7. Log out, close your browsers, and clear your cache. Then log back in to the Microsoft Entra/Azure portal using your Free Azure Account email and start the Entra ID P2 trial process again.

    8. Follow step 4 (you should now be able to start the Entra ID P2 trial without any issues or notifications).

    After completing all required steps, you will get the P2 trial version license.

    If you need to assign a license to yourself, navigate to Licenses > All Products and assign the Microsoft Entra ID P2 license to your main Azure Account.

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Navya.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

