Policy: Azure > CIS v3.0 > 02 - Identity > 02.02 - Conditional Access
For most Azure tenants, and certainly for organizations that make significant use of Microsoft Entra ID, Conditional Access policies are recommended and preferred. To use Conditional Access policies, a licensing plan is required, and Security Defaults must be disabled. Because of the licensing requirement, all Conditional Access policies are assigned a profile of "Level 2."
Conditional Access requires one of the following plans:
- Microsoft Entra ID P1 or P2
- Microsoft 365 Business Premium
- Microsoft 365 E3 or E5
- Microsoft 365 F1, F3, F5 Security and F5 Security + Compliance
- Enterprise Mobility & Security E3 or E5
Primary Policy
This policy is used with the following primary policy:
Related Policies
- 02.02.01 - Ensure Trusted Locations Are Defined
- 02.02.02 - Ensure that an exclusionary Geographic Access Policy is considered
- 02.02.03 - Ensure that an exclusionary Device code flow policy is considered
- 02.02.04 - Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups
- 02.02.05 - Ensure that A Multi-factor Authentication Policy Exists for All Users
- 02.02.06 - Ensure Multi-factor Authentication is Required for Risky Sign-ins
- 02.02.07 - Ensure Multi-factor Authentication is Required for Windows Azure Service Management API
- 02.02.08 - Ensure Multi-factor Authentication is Required to access Microsoft Admin Portals
Category
In Your Workspace
Developers
- Category URI: tmod:@turbot/cis#/control/categories/cis
- Policy Type URI: tmod:@turbot/azure-cisv3-0#/policy/types/s0202
- CLI, Get Policy Type: turbot graphql policy-type --id "tmod:@turbot/azure-cisv3-0#/policy/types/s0202"
- CLI, Get Policy Settings: turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv3-0#/policy/types/s0202"