John Gruber
Brass Contributor
Jan 20, 2023

9 top recommended conditional access policies to secure your Microsoft 365 environment

1. Block login except from certain countries
2. Block unused device operating systems
3. Require compliant devices
4. Require Hybrid Azure AD joined device
5. Require an app protection policy
6. Block high-user risk
7. Block high sign-in risk
8. Require MFA
9. Block basic/legacy authentication

 

To learn how to set them up, go to "9 Conditional Access Policies You'll Kick Yourself for Not Setting Up".

  • For 6 and 7 I would rather choose self-remediation of the high risk with password change and MFA 😉
  • RonS_
    Copper Contributor

    John Gruber - why require Hybrid Joined devices? This flies in the face of current Microsoft preference to move customers to a cloud-only solution, meaning Azure joined only.
