Task: Implement an Azure AD Conditional Access Policy

Video: Conditional Access Policy

Estimated time: 10 minutes

Goal

Create a conditional access policy that requires MFA when connecting to Azure with Azure management tools.

Pre-requisites

1. Azure subscription
2. Azure AD tenant with Premium P2 trial
3. A test user account in the global admin role in an Azure AD tenant. The account does not have MFA configured.

4. An available e-mail address or mobile phone with SMS text capability

   Completing previous tasks will meet pre-requisites 1-3. You may need to disable MFA for the test user.

Requirements

1. Create an Azure AD conditional access policy that requires MFA when an Azure AD account from your tenant accesses an Azure management tool.
2. Validate the conditional access policy

Requirement 1: Create and configure an Azure AD Conditional Access Policy

Define a conditional access policy for a global admin user. Use the following settings:

• Name: TaskPolicy
• Users and groups: ga
• Cloud apps or actions: Microsoft Azure Management
• Access Controls: Grant access with MFA
• Enble policy

Requirement 2: Validate the conditional access policy

You will now test the conditional access policy by logging in as the test global admin user.

• Open a new browser (or private/incognito window) and log in to https://myapps.microsoft.com as the test user.
• Click the Azure portal link.
• You should be prompted for MFA information.

Cleanup

Delete the conditional access policy created for this task.

Solution

Having trouble completing this task? View the demonstration video to see how to do it.