Policy: Azure > CIS v4.0 > 06 - Identity Services > 06.02 - Conditional Access
For most Azure tenants, and certainly for organizations that make significant use of Microsoft Entra ID, Conditional Access policies are recommended and preferred. Using Conditional Access policies requires a licensing plan, and Security Defaults must be disabled. Because of the licensing requirement, all Conditional Access policies are assigned a profile of "Level 2."
Conditional Access requires one of the following plans:
- Microsoft Entra ID P1 or P2
- Microsoft 365 Business Premium
- Microsoft 365 E3 or E5
- Microsoft 365 F1, F3, F5 Security and F5 Security + Compliance
- Enterprise Mobility & Security E3 or E5
Primary Policy
This policy is used with the following primary policy:
Related Policies
- 06.02.01 - Ensure that 'trusted locations' are defined
- 06.02.02 - Ensure that an exclusionary geographic Conditional Access policy is considered
- 06.02.03 - Ensure exclusionary device code flow policy is considered
- 06.02.04 - Ensure that a multifactor authentication policy exists for all users
- 06.02.05 - Ensure that multifactor authentication is required for risky sign-ins
- 06.02.06 - Ensure that multifactor authentication is required for Windows Azure Service Management API
- 06.02.07 - Ensure that multifactor authentication is required to access Microsoft Admin Portals
Category
Developers
- Category URI: tmod:@turbot/cis#/control/categories/cis
- Policy Type URI: tmod:@turbot/azure-cisv4-0#/policy/types/s0602
- CLI, Get Policy Type: turbot graphql policy-type --id "tmod:@turbot/azure-cisv4-0#/policy/types/s0602"
- CLI, Get Policy Settings: turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv4-0#/policy/types/s0602"