Using Conditional Access Policies to Enable Microsoft Entra ID Multi-Factor Authentication
Microsoft has currently disabled new registrations for the MS 365 Dev program. For the time being, please treat the lab as read-only or bring your own MS 365 account. Our team is currently working on an update, thank you for your understanding.
Conditional access is a modern security mechanism that emphasizes identity as a security layer. It brings together signals from various sources such as the device a user attempts authentication from or the location from which they're attempting to authenticate and uses these signals to make a decision and enforce a policy. Microsoft Entra ID Conditional Access policies are simple if-then statements that work to verify every attempt at authentication.
In this lab, you will set up and test a conditional access policy to trigger a multi-factor authentication request.
Note: Due to this lab requiring the creation of a Microsoft 365 organization with an Admin Center, if you don't already have one you will need to provide a mobile phone number to pass the account creation process.
Upon completion of this lab, you will be able to:
- Create a custom conditional access policy in Microsoft Entra ID
- Test against target users whether the policy works
- Candidates studying for the SC-900 (Microsoft Security, Compliance, and Identity Fundamentals) Certification exam
- Familiarity with Microsoft Entra ID is recommended, but not necessary
Adil is a Microsoft Certified Trainer, former Azure Engineer, and loves all things Azure. He is a certified Azure Administrator and Azure DevOps Expert and has worked for some of the biggest MSPs in the world (Cognizant, New Signature, CoreAzure). He loves to combine his two passions: cloud and teaching.
Adil specializes in Azure Infrastructure services and has a curiosity for new, in-preview services from Azure, getting his hands familiar with the content before most of the world does. Outside of work, Adil helps run a growing community of IT professionals looking to break into the cloud and regularly runs workshops and webinars.