Set up Azure AD Conditional Access

Conditional Access policies in Azure Active Directory (Azure AD) at their simplest are if-then statements: if a user wants to access a resource, then they must complete an action.

Example: A payroll manager wants to access the payroll app that has been built with Power Apps and is required to perform multifactor authentication to access it.

Administrators are faced with two primary goals:

  • Empower users to be productive wherever and whenever.
  • Protect the organization's assets.

By using Conditional Access policies, you can apply the right access controls when needed to keep your organization secure, and stay out of your user’s way when they're not needed. Conditional Access policies are enforced after the first-factor authentication has been completed.

Only Global Admins can configure Conditional Access policies. This isn't available for Microsoft Power Platform or Dynamics 365 admins.

Conceptual Conditional Access process flow.

To learn how to set up Conditional Access policies, see Plan a Conditional Access deployment.

Note

If you’re using Conditional Access polices to limit access to Power Platform and it’s features, the following apps must be included in Cloud apps policy application:

  • Common Data Service (Dataverse)
  • Power Platform API
  • Microsoft Power Apps
  • Microsoft Flow
  • Microsoft Azure Management

To learn how to set up Conditional Access policies, go to Plan a Conditional Access deployment and Blog: Control Access to Power Apps and Power Automate with Azure AD Conditional Access Policies.

Further resources

Best practices for Conditional Access in Azure Active Directory
License Requirements to enable Conditional Access