Exercise - Implement Conditional Access policies roles and assignments
Create a conditional access policy
Azure Active Directory Conditional Access is an advanced feature of Azure AD that allows you to specify detailed policies that control who can access your resources. Using Conditional Access, you can protect your applications by limiting users' access based on things like groups, device type, location, and role.
Sign in to the Azure portal using a Global administrator account.
Open the portal menu and then select Azure Active Directory.
On the Azure Active Directory blade, under Manage, select Security.
On the Security blade, in the left navigation, select Conditional access.
On the top menu, select New policy.
In the Name box, enter Test app conditional access. This is the name being using for this exercise, you may choose another name if you wish.
Under Assignments, select Users and groups.
On the Include tab, select the Users and groups check box.
In the Select pane, select your administrator account and then select Select.
Select Cloud apps or actions.
Verify Cloud apps is selected and then select Select apps.
In the Select pane, select My apps and then select Select.
Select Conditions and then select Locations.
Under Configure, select Yes and then select Any location.
Under Access controls, select Grant.
In the Grant pane, select Block access and then select Select.
This policy is being configured for the exercise only and is being used to quickly demonstrate a conditional access policy.
Under Enable policy, select On, and then select Create.
Test the conditional access policy
You should test your conditional access policies to ensure they working as expected.
Open a new browser tab and then browse to https://myapps.microsoft.com.
Your credentials should be passed through.
Verify you are prevented from successfully accessing your My Apps page.
If you are signed in, close the tab, wait 1-2 minutes, and then retry.
Close the tab and return to the Conditional Access blade.
Select the Test app conditional access policy.
Under Enable policy, select Off and then select Save.
Need help? See our troubleshooting guide or provide specific feedback by reporting an issue.