Azure Conditional Access - Apply all Templates?

Fabian 261 Reputation points
2022-02-16T08:57:39.923+00:00

Hi, I've been looking at the Azure Conditional Access templates (for devices and identities) in detail. From my point of view, each template represents a different use case and each of these use cases makes sense to me. For this reason, I would prefer to enable all templates (with appropriate PoC, of course).

  1. Can anyone recommend or not recommend the use of all templates?
  2. If not, why?
  3. Are negative impacts known or foreseeable?
  4. Are the templates in conflict with one another?
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Vasil Michev 97,231 Reputation points MVP
    2022-02-16T09:28:14.5+00:00

    Use the ones that fit your needs, and test them in Report-only mode first. The templates are generic, they cannot account for the needs of all customers. Best view them as sort of recommendations from Microsoft, but apply them with your specific needs in mind.

    For example, the "Block legacy authentication" template is certainly something to consider as it will improve your security posture, but you might have a dependency on legacy software, multi-functional devices, scripts and other types of automation that still leverage basic auth. Similarly for any templates that force MFA, make sure that the users in scope will not be affected first. But do aim to enable those in the nearest possible future; those are highly recommended.

    1 person found this answer helpful.
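
One way to act on the report-only advice in the answer above, as an added example that is not part of the original thread: tally, per user and client app, the sign-ins a report-only policy would have failed or interrupted. It assumes sign-in logs exported in the shape of Microsoft Graph `signIn` objects; the sample records and the MFA policy name are constructed.

```python
from collections import Counter

# Report-only results that mean the sign-in would have been affected if enforced.
AFFECTED = {"reportOnlyFailure": "would_fail",       # e.g. a block policy matched
            "reportOnlyInterrupted": "would_prompt"}  # e.g. MFA would be demanded

def rec(upn, client, results):
    """Build one constructed record shaped like a Microsoft Graph signIn object."""
    return {"userPrincipalName": upn, "clientAppUsed": client,
            "appliedConditionalAccessPolicies":
                [{"displayName": n, "result": r} for n, r in results.items()]}

LEGACY = "Block legacy authentication"  # template name mentioned in the answer
MFA = "Require MFA for all users"       # constructed policy name (assumption)

# Constructed sample data, not real tenant logs.
SAMPLE_SIGNINS = [
    rec("scanner@contoso.example", "Authenticated SMTP", {LEGACY: "reportOnlyFailure"}),
    rec("scanner@contoso.example", "Authenticated SMTP", {LEGACY: "reportOnlyFailure"}),
    rec("svc-backup@contoso.example", "IMAP4", {LEGACY: "reportOnlyFailure"}),
    rec("alice@contoso.example", "Browser",
        {LEGACY: "reportOnlyNotApplied", MFA: "reportOnlyInterrupted"}),
    rec("bob@contoso.example", "Mobile Apps and Desktop clients",
        {LEGACY: "reportOnlyNotApplied", MFA: "reportOnlySuccess"}),
]

def report_only_impact(signins, policy_name):
    """Return {'would_fail': Counter, 'would_prompt': Counter} keyed by (user, client app)."""
    impact = {label: Counter() for label in AFFECTED.values()}
    for s in signins:
        for p in s.get("appliedConditionalAccessPolicies") or []:
            label = AFFECTED.get(p.get("result"))
            if label and p.get("displayName") == policy_name:
                key = (s.get("userPrincipalName", "unknown"),
                       s.get("clientAppUsed") or "unknown")
                impact[label][key] += 1
    return impact

if __name__ == "__main__":
    for policy in (LEGACY, MFA):
        for label, counts in report_only_impact(SAMPLE_SIGNINS, policy).items():
            for (user, client), n in counts.most_common():
                print(f"{policy}: {label} {n}x {user} via {client}")
```

Accounts that appear under `would_fail` for the legacy authentication policy are the dependencies to migrate or explicitly exclude before switching the policy from report-only to on.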