To complete the scenario in this quickstart, you need:
- An Azure account with an active subscription. Create an account for free.
- Azure AD Premium P1 or P2 - Azure AD Conditional Access is an Azure AD Premium capability. You can sign up for a trial in the Azure portal.
- A test account to sign in with - If you don't know how to create a test account, see Add cloud-based users.
The goal of this step is to get an impression of the sign-in experience without a Conditional Access policy.
- Sign in to the Azure portal as your test user.
- Sign out.
This section provides you with the steps to create a sample ToU. When you create a ToU, you select a value for Enforce with Conditional Access policy templates. Selecting Custom policy opens the dialog to create a new Conditional Access policy as soon as your ToU has been created.
- In Microsoft Word, create a new document.
- Sign in to the Azure portal as a Conditional Access Administrator, Security Administrator, or a Global Administrator.
- In the menu on the top, select New terms.
- In the Name textbox, type My TOU.
- Select your default language.
- In the Display name textbox, type My TOU.
- As Enforce with Conditional Access policy templates, select Custom policy.
Create a Conditional Access policy
This section shows how to create the required Conditional Access policy.
The scenario in this quickstart uses:
- The Azure portal as a placeholder for a cloud app that requires your ToU to be accepted.
- Your sample user to test the Conditional Access policy.
To configure your Conditional Access policy:
- Under Assignments, select Users or workload identities.
- Under Include, choose Select users and groups > Users and groups.
- Choose your test user, and choose Select.
- Under Assignments, select Cloud apps or actions.
- Select Cloud apps or actions.
- Under Include, choose Select apps.
- Select Microsoft Azure Management, and then choose Select.
- Under Access controls, select Grant.
- Select Grant access.
- In the Enable policy section, select On.
- Select Create.
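The policy configured in the steps above, expressed as a Microsoft Graph conditionalAccessPolicy body, with a check that its scope matches this quickstart before it is enabled. This is an added example, not part of the original quickstart; the function names, display name and IDs in the demo are hypothetical placeholders, and the application ID is the well-known ID of Microsoft Azure Management.

```python
import json

# Well-known application ID of "Microsoft Azure Management".
AZURE_MANAGEMENT_APP_ID = "797f4846-ba00-4fd7-ba43-dac1f8f63013"


def build_tou_policy(test_user_id, agreement_id, state="enabled"):
    """Build a conditionalAccessPolicy body that mirrors the portal steps."""
    return {
        "displayName": "Require My TOU for test user",  # hypothetical name
        "state": state,  # "enabled" corresponds to Enable policy: On
        "conditions": {
            "users": {"includeUsers": [test_user_id]},
            "applications": {"includeApplications": [AZURE_MANAGEMENT_APP_ID]},
            "clientAppTypes": ["all"],
        },
        # Grant access only after the ToU (agreement) has been accepted.
        "grantControls": {"operator": "OR", "termsOfUse": [agreement_id]},
    }


def review_policy(policy, test_user_id, agreement_id):
    """Return findings where a policy deviates from the quickstart's scope."""
    findings = []
    cond = policy.get("conditions", {})
    users = cond.get("users", {}).get("includeUsers", [])
    apps = cond.get("applications", {}).get("includeApplications", [])
    grant = policy.get("grantControls") or {}
    if users != [test_user_id]:
        # A wider scope (for example "All") affects every account, admins included.
        findings.append("users: scope is not limited to the test user")
    if apps != [AZURE_MANAGEMENT_APP_ID]:
        findings.append("apps: scope is not limited to Microsoft Azure Management")
    if agreement_id not in (grant.get("termsOfUse") or []):
        findings.append("grant: the ToU is not a required grant control")
    if policy.get("state") != "enabled":
        findings.append("state: policy is not enabled")
    return findings


if __name__ == "__main__":
    # Constructed placeholder IDs, not real directory objects.
    user = "00000000-0000-0000-0000-000000000001"
    tou = "00000000-0000-0000-0000-0000000000aa"
    policy = build_tou_policy(user, tou)
    print(json.dumps(policy, indent=2))
    print(review_policy(policy, user, tou))  # empty list: scope matches
```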
Test your Conditional Access policy
Clean up resources
When no longer needed, delete the test user and the Conditional Access policy:
- If you don't know how to delete an Azure AD user, see Delete users from Azure AD.
- To delete your policy, select the ellipsis (...) next to your policy's name, then select Delete.