Forum Discussion

Skipster311-1's avatar
Skipster311-1
Iron Contributor
Aug 26, 2021

CA Policy order

Hello all

I am trying to understand what order CA polices are applied in? Example is below. If groupA is used in both polices with both polices be evaluated and settings merged ?

 

1. CApolicy1

  • applies to GroupA
  • Office 365 app
  • Browser, Mobile apps and desktop clients checked.
  • grant access, require mfa

2. CApolicy2

  • applies to GroupA
  • Office 365 app
  • Andriod,iOS,macOS
  • Browser, mobile apps and desktop clients
  • require mfa , require device to be marked as compliant
  • There is no order. Every Policy is evaluated separately and the policy with the most restrictions will apply. So please make sure that you don't have two policies with the same assignments and different access controls. But for troubleshooting purpose you can analyze the Azure AD sign in logs. There you see the applied CA-Policies.
  • There is no order. Every Policy is evaluated separately and the policy with the most restrictions will apply. So please make sure that you don't have two policies with the same assignments and different access controls. But for troubleshooting purpose you can analyze the Azure AD sign in logs. There you see the applied CA-Policies.

Resources