Control: Azure > CIS v3.0 > 02 - Identity > 02.02 - Conditional Access

For most Azure tenants, and certainly for organizations with a significant use of Microsoft Entra ID, Conditional Access policies are recommended and preferred. To use Conditional Access Policies, a licensing plan is required, and Security Defaults must be disabled. Because of the licensing requirement, all Conditional Access policies are assigned a profile of "Level 2."

Conditional Access requires one of the following plans:

• Microsoft Entra ID P1 or P2 • Microsoft 365 Business Premium • Microsoft 365 E3 or E5 • Microsoft 365 F1, F3, F5 Security and F5 Security + Compliance • Enterprise Mobility & Security E3 or E5