Conditional Access
Start course

Multi-factor authentication or MFA is no longer optional, and it is paramount that you protect not only your privileged accounts but enable it for all accounts. Azure Active Directory offers the ability to secure your identities with an additional authentication method. Verification of your identity can be done via an automated voice call, text message, through the Microsoft Authenticator app, or with a verification code.

Azure multi-factor authentication can be enforced using different methods. We will configure the user settings to give the ability to a user to report fraudulent attempts on their accounts. We will also review how an administrator can provide a one-time bypass code and whitelist trusted locations to bypass the two-step verification. Lastly, you will see how to configure Azure Active Directory conditional access to enforce MFA on cloud-based applications.

Learning Objectives

  • Identify the different methods of enabling two-step verification
  • Configure multi-factor authentication for users
  • Configure settings for MFA
  • Implement Azure Active Directory conditional access for MFA

Intended Audience

  • People who want to become Azure administrators
  • People preparing for Microsoft’s AZ-303 exam


  • General knowledge of Azure Active Directory

Related Training Content

To see more Microsoft Azurecontent, visit our Azure Training Library.


Azure Active Directory Conditional Access enables you to enforce controls on access to Cloud-based applications based on a set of defined conditions. Those conditions represent a conditional access policy which is integrated with your set of access controls. Conditional Access policy works with the principle of, when this happens, then do this. The, when this happens, is what triggers the conditional access policy. The two mandatory conditions are the user. That's who tried to access what. 

And the Cloud-based application, that's the what, which application was accessed. There are other optional conditions that you can apply to a policy. The, then do this, is the response of the policy. Conditional access policy does not grant access to the application, but sets conditions on how to access the application. Conditions can be accessed. This Cloud application, you must use multifactor authentication. With conditional access, we can enforce the use of multifactor authentication to Cloud-based applications like the Azure portal when not accessing it from the corporate network. Let's head back to the Azure portal and configure conditional access for multifactor authentication. Back in Azure Active Directory we will scroll down to conditional access, where we will select new policy. When the new blade appears we will provide a name of our policy. 

Let's call it MFA for Portal Access. Under users and groups, select users and groups radio button. Select the users and group check box. And select the appropriate group. Here we will select MFA users. Click select and click done. Under Cloud apps, select the select apps radio button. A list of Cloud applications will be presented and pick Microsoft Azure Management. Click select and click done. Under access control select grant and select the check box for require multifactor authentication. Click select. Enable the policy by switching the toggle to on and click create. Now we have created a conditional access policy for accessing the Azure Portal, by requiring the use of multifactor authentication.

About the Author

With over 15 years of experience in the IT industry, Eric Leonard is a Microsoft Azure MVP and a Cloud Solution Architect. Eric’s experience working with Microsoft technologies, with a strong emphasis on cloud and automation solutions, enables his clients to succeed in today’s technological environment. Eric has worked for clients in a variety of different industries including large and small enterprises, the public sector, professional services, education, and communications.

When he is not working, Eric believes in sharing his knowledge and giving back to the IT community. He is the co-organizer of the Ottawa IT community meetup, which has over 1,000 members, and he enjoys presenting and mentoring in the community.