Conditional Access before or after submitting credentials

Question

Hi,

I have a question about conditional access and the Logs that are generated on Azure AD.

Is conditional access policies (for example I have one configured to block access from specific countries) applied before or after authentication attempts?

It's important to know due to some security analysis I'm doing right now.

Thanks

Answer 1

@David Marques
Thank you for your post!

When it comes to Conditional Access Policies, this is where a user is prompted during the sign-in process (after login with username and password) for an additional form of identification (i.e. SMS, Authenticator app, OAUTH token, etc.). For more info.

Additional Links:
What is Conditional Access?
Create a Conditional Access policy
What authentication and verification methods are available in Azure Active Directory?

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

----------

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

Answer 2

This would be after you enter your credentials as you have to identify who the user is first in order for the policies to apply so the user will need to authenticate first and then the CA policy will allow or block the user based on the conditions that you have set.