CA Policy order

Iron Contributor

Hello all

I am trying to understand what order CA polices are applied in? Example is below. If groupA is used in both polices with both polices be evaluated and settings merged ?


1. CApolicy1

  • applies to GroupA
  • Office 365 app
  • Browser, Mobile apps and desktop clients checked.
  • grant access, require mfa

2. CApolicy2

  • applies to GroupA
  • Office 365 app
  • Andriod,iOS,macOS
  • Browser, mobile apps and desktop clients
  • require mfa , require device to be marked as compliant
1 Reply
best response confirmed by Skipster311-1 (Iron Contributor)
There is no order. Every Policy is evaluated separately and the policy with the most restrictions will apply. So please make sure that you don't have two policies with the same assignments and different access controls. But for troubleshooting purpose you can analyze the Azure AD sign in logs. There you see the applied CA-Policies.