title: Conditional Access templates
description: Deploy commonly used Conditional Access policies with templates
services: active-directory
ms.service: active-directory
ms.subservice: conditional-access
ms.topic: conceptual
ms.date: 11/29/2022
ms.author: joflore
author: MicrosoftGuyJFlo
manager: amycolannino
ms.reviewer: calebb, lhuangnorth
ms.collection: M365-identity-device-management

Conditional Access templates (Preview)

Conditional Access templates provide a convenient method to deploy new policies aligned with Microsoft recommendations. These templates are designed to provide maximum protection aligned with commonly used policies across various customer types and locations.

:::image type="content" source="media/concept-conditional-access-policy-common/conditional-access-policies-azure-ad-listing.png" alt-text="Conditional Access policies and templates in the Azure portal." lightbox="media/concept-conditional-access-policy-common/conditional-access-policies-azure-ad-listing.png":::

There are 14 Conditional Access policy templates, filtered by five different scenarios:

  • Secure foundation
  • Zero Trust
  • Remote work
  • Protect administrators
  • Emerging threats
  • All

Find the templates in the Azure portal > Azure Active Directory > Security > Conditional Access > New policy from template (Preview). Select Show more to see all policy templates in each scenario.

:::image type="content" source="media/concept-conditional-access-policy-common/create-policy-from-template-identity.png" alt-text="Create a Conditional Access policy from a preconfigured template in the Azure portal." lightbox="media/concept-conditional-access-policy-common/create-policy-from-template-identity.png":::

[!IMPORTANT] Conditional Access template policies will exclude only the user creating the policy from the template. If your organization needs to exclude other accounts, you can modify the policies once they are created. Navigate to Azure portal > Azure Active Directory > Security > Conditional Access > Policies, select the policy to open the editor, and modify the excluded users and groups to select the accounts you want to exclude.

By default, each policy is created in report-only mode. We recommend organizations test and monitor usage to ensure the intended result before turning each policy on.

Organizations can select individual policy templates and:

  • View a summary of the policy settings.
  • Edit, to customize based on organizational needs.
  • Export the JSON definition for use in programmatic workflows.
    • These JSON definitions can be edited and then imported on the main Conditional Access policies page using the Import policy file option.
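
One way to review an exported definition before importing it or turning it on, shown as an added example that is not part of the original article or Microsoft's tooling. It assumes the export follows the Microsoft Graph `conditionalAccessPolicy` shape (`state`, `conditions.users.excludeUsers`, `excludeGroups`); the function names, the sample policy and the all-zero IDs are constructed placeholders.

```python
import json

REPORT_ONLY = "enabledForReportingButNotEnforced"  # Graph 'state' value for report-only mode
# Constructed sample of an exported template policy; IDs are placeholders.
SAMPLE_EXPORT = """
{
  "displayName": "Require multifactor authentication for all users",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "users": {
      "includeUsers": ["All"],
      "excludeUsers": ["00000000-0000-0000-0000-0000000000aa"],
      "excludeGroups": []
    }
  },
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}
}
"""
SAMPLE_POLICY = json.loads(SAMPLE_EXPORT)

def review_policy(policy, required_user_ids=(), required_group_ids=()):
    """Return findings to resolve before the policy is switched from report-only to on."""
    findings = []
    users = policy.get("conditions", {}).get("users", {})
    excl_users = set(users.get("excludeUsers") or [])
    excl_groups = set(users.get("excludeGroups") or [])
    state = policy.get("state")
    if state != REPORT_ONLY:
        findings.append(f"state is {state!r}, not report-only")
    for uid in sorted(set(required_user_ids) - excl_users):
        findings.append(f"required user exclusion missing: {uid}")
    for gid in sorted(set(required_group_ids) - excl_groups):
        findings.append(f"required group exclusion missing: {gid}")
    # Template default: only the account that created the policy is excluded.
    if "All" in (users.get("includeUsers") or []) and len(excl_users) <= 1 and not excl_groups:
        findings.append("targets All users with at most one excluded account")
    return findings

def add_exclusions(policy, user_ids=(), group_ids=()):
    """Return a copy with extra exclusions merged in, leaving the input untouched."""
    patched = json.loads(json.dumps(policy))  # deep copy via JSON round-trip
    users = patched.setdefault("conditions", {}).setdefault("users", {})
    users["excludeUsers"] = sorted(set(users.get("excludeUsers") or []) | set(user_ids))
    users["excludeGroups"] = sorted(set(users.get("excludeGroups") or []) | set(group_ids))
    return patched

if __name__ == "__main__":
    for finding in review_policy(SAMPLE_POLICY, required_group_ids=["00000000-0000-0000-0000-0000000000bb"]):
        print("FINDING:", finding)
```

Serialize the result of `add_exclusions` with `json.dumps` to produce a file for the Import policy file option.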

Conditional Access template policies

* These four policies, when configured together, provide functionality similar to that enabled by security defaults.

Other common policies

User exclusions

[!INCLUDE active-directory-policy-exclusions]

Next steps