Policy: Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access
For most Azure tenants, and certainly for organizations with a significant use of Azure Active Directory, Conditional Access policies are recommended and preferred. To use conditional access policies, a licensing plan is required, and Security Defaults must be disabled. Conditional Access requires one of the following plans: • Azure Active Directory Premium P1 or P2 • Microsoft 365 Business Premium • Microsoft 365 E3 or E5 • Microsoft 365 F1, F3, F5 Security and F5 Security + Compliance • Enterprise Mobility & Security E3 or E5
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Related Policies
- 1.02.01 - Ensure Trusted Locations Are Defined
- 1.02.02 - Ensure that an exclusionary Geographic Access Policy is considered
- 1.02.03 - Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups
- 1.02.04 - Ensure that A Multi-factor Authentication Policy Exists for All Users
- 1.02.05 - Ensure Multi-factor Authentication is Required for Risky Sign-ins
- 1.02.06 - Ensure Multi-factor Authentication is Required for Azure Management
Controls
- Azure > CIS v2.0
- Azure > CIS v2.0 > 01 - Identity and Access Management
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access
Policy Specification
Schema Type | |
|---|---|
Default | |
Category
In Your Workspace
Developers
- tmod:@turbot/cis#/control/categories/cis
- tmod:@turbot/azure-cisv2-0#/policy/types/s0102
- turbot graphql policy-type --id "tmod:@turbot/azure-cisv2-0#/policy/types/s0102"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv2-0#/policy/types/s0102"
Get Policy TypeGet Policy Settings
Category URI
Policy Type URI
GraphQL
CLI