Forum Discussion

Fahadgul3333's avatar
Fahadgul3333
Copper Contributor
Aug 22, 2024

We have multiple Licenses I want to Implement Conditional Access Policy

Hello Everyone,     We have multiple Licenses I want to Implement Security on all users.   I created a Group, added all Company users to this group, and assigned a P1 license to this group.   ...
best practices
business
enterprise
General
kyazaferr's avatar
kyazaferr
Steel Contributor
Nov 19, 2024
  1. Create a Security Group:
    • You already created a group and assigned the P1 license to it. Ensure this group is used for granting access.
  2. Conditional Access Policy:
    • Navigate to Azure Active Directory > Security > Conditional Access and create a new policy.
    • In the Assignments section:
      • Users or workload identities: Include All Users, and exclude the group with licensed users (e.g., "Licensed Users Group").
    • Cloud Apps or Actions: Apply the policy to relevant applications (e.g., Office 365, Exchange Online, etc.).
    • Conditions: You can add conditions, like device platform or location, depending on your needs.
    • Access Controls: Set the policy to Block Access.
  3. Testing the Policy:
    • Before enabling the policy, ensure you have a break-glass account excluded from the policy for emergencies.
    • Test the policy with newly created users outside the group to verify they are blocked.
  4. Grant Access to New Users:
    • When a new user is created, they will initially be blocked.
    • To grant access, add the user to the "Licensed Users Group."

Resources