Conditional Access — Solving Microsoft 365

Conditional Access is the policy engine in Microsoft Entra ID that decides what to do with a sign-in attempt based on signals: the user, the app they're accessing, their device's compliance state, their location, the network they're on, and the risk level of the sign-in. A policy can allow the sign-in, block it, or grant it subject to controls like MFA, a compliant device, a managed app, or a session-policy restriction. Conditional Access requires Entra ID P1 (included with most Microsoft 365 business and enterprise plans). It is the practical mechanism for enforcing zero-trust principles in Microsoft 365.