SOLVED
Home

deplicate conditional access baseline policies

%3CLINGO-SUB%20id%3D%22lingo-sub-744866%22%20slang%3D%22en-US%22%3Edeplicate%20conditional%20access%20baseline%20policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-744866%22%20slang%3D%22en-US%22%3E%3CP%3EI%20want%20to%20test%20the%20End%20user%20protection%20CA%20policy%20but%20I%20don't%20want%20to%20enable%20it%20for%20all%20users%20yet.%20Is%20it%20possible%20to%20recreate%20that%20baseline%20but%20allowing%20me%20to%20limit%20what%20users%2Fgroups%20it%20applies%20to%3F%3C%2FP%3E%3CP%3EI%20like%20that%20it%20ties%20into%20risky%20signin%20and%20leaked%20creds%2C%20but%20don't%20see%20those%20options%20when%20I%20create%20my%20own%20policy.%3C%2FP%3E%3CP%3Ethanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-744866%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAccess%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-745377%22%20slang%3D%22en-US%22%3ERe%3A%20deplicate%20conditional%20access%20baseline%20policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-745377%22%20slang%3D%22en-US%22%3E%3CP%3EIt's%20possible.%20The%20whole%20idea%20behind%20the%20baseline%20policies%20is%20to%20offer%20a%20pre-configured%20policy%20with%20relaxed%20license%20requirements.%20If%20you%20already%20have%20AAD%2FEMS%20licenses%20in%20your%20tenant%20you%20can%20create%20similar%20policies%20yourself%2C%20with%20better%20customizability.%20In%20particular%2C%20the%20%22user%20risk%22%20condition%20can%20be%20found%20under%20the%20Conditions%20group%20-%26gt%3B%20Sign-in%20risk.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-754683%22%20slang%3D%22en-US%22%3ERe%3A%20deplicate%20conditional%20access%20baseline%20policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-754683%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3EMy%20conditions%20options%20are%20only%26nbsp%3B%3C%2FP%3E%3CP%3Edevice%20platform%3C%2FP%3E%3CP%3Elocations%3C%2FP%3E%3CP%3Eclient%20apps%3C%2FP%3E%3CP%3Edevice%20state%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20E5%20with%20EMS%20E3.%20I%20think%20that%20includes%20AAD%20P1%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20EMS%20E5%20or%20AAD%20P2%20required%20to%20use%20the%20sign-in%20risk%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethanks%2Cjb%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-755122%22%20slang%3D%22en-US%22%3ERe%3A%20deplicate%20conditional%20access%20baseline%20policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-755122%22%20slang%3D%22en-US%22%3E%3CP%3EYup%2C%20you%20need%20AAD%20P2%2FEMS%20E5.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Jason Benway
Contributor

I want to test the End user protection CA policy but I don't want to enable it for all users yet. Is it possible to recreate that baseline but allowing me to limit what users/groups it applies to?

I like that it ties into risky signin and leaked creds, but don't see those options when I create my own policy.

thanks!

3 Replies

It's possible. The whole idea behind the baseline policies is to offer a pre-configured policy with relaxed license requirements. If you already have AAD/EMS licenses in your tenant you can create similar policies yourself, with better customizability. In particular, the "user risk" condition can be found under the Conditions group -> Sign-in risk.

@Vasil MichevMy conditions options are only 

device platform

locations

client apps

device state

 

I have a E5 with EMS E3. I think that includes AAD P1

 

Is EMS E5 or AAD P2 required to use the sign-in risk?

 

thanks,jb

Solution

Yup, you need AAD P2/EMS E5.

Related Conversations
Extentions Synchronization
Deleted in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
36 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies