Moving Conditional Access policies from report-only to enforced mode can secure your environment - or lock everyone out. This post walks through safe rollout strategies using ring deployments, the What If tool, Policy Impact, Log Analytics, Workbooks, Gap Analyzer, and real KQL queries. Learn how to monitor, test, adjust and confidently turn policies on without breaking access or business operations.

Learn how to use custom security attributes in Entra ID to target apps that don’t appear in Conditional Access. This step-by-step guide covers attribute sets, names, and values, plus real scenarios like legacy authentication, persona-based targeting, and enforcing MFA. We’ll also explore cross-tenant access settings to securely trust MFA and device claims from partner tenants.

Conditional Access Essentials aren’t just about writing policies – it’s about managing real-world scenarios. In this guide, I show how to handle tricky exclusions with Temporary Access Pass (TAP) for seamless onboarding, and Identity Governance with Access Packages for secure travel and exception management. Whether you’re new to Conditional Access or already designing enterprise-grade policies, this post gives you practical steps you can apply straight away.

This instalment of Conditional Access Essentials explores authentication contexts, PIM, and securing sensitive resources. Learn how to enforce step-up MFA, apply authentication contexts to SharePoint sites, and protect privileged roles with real-world policy examples, limitations, and best practices.

Strengthen your Conditional Access strategy with practical essentials. Explore how RMAUs, Named Locations, Authentication Strengths, and Service Principals protect sensitive accounts, secure apps, and enforce the right access for every persona. Real-world guidance for building resilient, manageable policies.

Master Conditional Access with a Zero Trust, persona-based approach. Learn how to structure policies, avoid security gaps, and keep everything organised with clear naming conventions. From discovery workshops to practical use cases, this guide helps you design scalable, secure policies that work in the real world.

Discover how Microsoft Conditional Access protects your Microsoft 365, Entra, and Azure environments. Learn the essentials, explore real-world use cases, and see the art of the possible with practical examples. From securing identities to controlling device access, this guide is your starting point for mastering Conditional Access in a modern Zero Trust security strategy.

This blog talks about setting up Adaptive Protection for Insider Risk Management. The process involves Insider Risk Management working in tandem with Conditional Access, both of which require the E5 level of licence. If you’re navigating this setup, you’re in the right place. In this blog, I’ll walk you through the steps, share some key definitions, and help you avoid common pitfalls (yes, including the dreaded false positives that can block users unnecessarily!).

*In the spirit of the upcoming Easter festivities, I thought it'd be quite fitting to envision our Microsoft groups as eggs nestled...