9 top recommended conditional access policies to secure your Microsoft 365 environment


1. Block login except from certain countries
2. Block unused device operating systems
3. Require compliant devices
4. Require Hybrid Azure AD joined device
5. Require an app protection policy
6. Block high-user risk
7. Block high sign-in risk
8. Require MFA
9. Block basic/legacy authentication


To learn how to set them up go to 9 Conditional Access Policies You'll Kick Yourself for Not Setting Up 

1 Reply
best response confirmed by John Gruber (Contributor)
For 6 and 7 I would rather choose self-remediation of the high risk with password change and MFA ;)