SOLVED
Home

deplicate conditional access baseline policies

%3CLINGO-SUB%20id%3D%22lingo-sub-744866%22%20slang%3D%22en-US%22%3Edeplicate%20conditional%20access%20baseline%20policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-744866%22%20slang%3D%22en-US%22%3E%3CP%3EI%20want%20to%20test%20the%20End%20user%20protection%20CA%20policy%20but%20I%20don't%20want%20to%20enable%20it%20for%20all%20users%20yet.%20Is%20it%20possible%20to%20recreate%20that%20baseline%20but%20allowing%20me%20to%20limit%20what%20users%2Fgroups%20it%20applies%20to%3F%3C%2FP%3E%3CP%3EI%20like%20that%20it%20ties%20into%20risky%20signin%20and%20leaked%20creds%2C%20but%20don't%20see%20those%20options%20when%20I%20create%20my%20own%20policy.%3C%2FP%3E%3CP%3Ethanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-744866%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAccess%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-745377%22%20slang%3D%22en-US%22%3ERe%3A%20deplicate%20conditional%20access%20baseline%20policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-745377%22%20slang%3D%22en-US%22%3E%3CP%3EIt's%20possible.%20The%20whole%20idea%20behind%20the%20baseline%20policies%20is%20to%20offer%20a%20pre-configured%20policy%20with%20relaxed%20license%20requirements.%20If%20you%20already%20have%20AAD%2FEMS%20licenses%20in%20your%20tenant%20you%20can%20create%20similar%20policies%20yourself%2C%20with%20better%20customizability.%20In%20particular%2C%20the%20%22user%20risk%22%20condition%20can%20be%20found%20under%20the%20Conditions%20group%20-%26gt%3B%20Sign-in%20risk.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-754683%22%20slang%3D%22en-US%22%3ERe%3A%20deplicate%20conditional%20access%20baseline%20policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-754683%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3EMy%20conditions%20options%20are%20only%26nbsp%3B%3C%2FP%3E%3CP%3Edevice%20platform%3C%2FP%3E%3CP%3Elocations%3C%2FP%3E%3CP%3Eclient%20apps%3C%2FP%3E%3CP%3Edevice%20state%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20E5%20with%20EMS%20E3.%20I%20think%20that%20includes%20AAD%20P1%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20EMS%20E5%20or%20AAD%20P2%20required%20to%20use%20the%20sign-in%20risk%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethanks%2Cjb%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-755122%22%20slang%3D%22en-US%22%3ERe%3A%20deplicate%20conditional%20access%20baseline%20policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-755122%22%20slang%3D%22en-US%22%3E%3CP%3EYup%2C%20you%20need%20AAD%20P2%2FEMS%20E5.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Jason Benway
Contributor

I want to test the End user protection CA policy but I don't want to enable it for all users yet. Is it possible to recreate that baseline but allowing me to limit what users/groups it applies to?

I like that it ties into risky signin and leaked creds, but don't see those options when I create my own policy.

thanks!

3 Replies

It's possible. The whole idea behind the baseline policies is to offer a pre-configured policy with relaxed license requirements. If you already have AAD/EMS licenses in your tenant you can create similar policies yourself, with better customizability. In particular, the "user risk" condition can be found under the Conditions group -> Sign-in risk.

@Vasil MichevMy conditions options are only 

device platform

locations

client apps

device state

 

I have a E5 with EMS E3. I think that includes AAD P1

 

Is EMS E5 or AAD P2 required to use the sign-in risk?

 

thanks,jb

Solution

Yup, you need AAD P2/EMS E5.

Related Conversations
flashing a white screen while open new tab
cntvertex in Discussions on
13 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
22 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
28 Replies
PacketMon Components are not loading in WAC 1909
HotCakeX in Windows Admin Center on
2 Replies