Preventing security threats in cloud platforms is becoming increasingly difficult. To protect data stored in Office 365, Microsoft provides a security feature called Conditional Access, a powerful way to manage access to your organization’s data and applications. It works through Azure Active Directory Conditional Access policies. You can create multiple Conditional Access policies and apply them to different users and user groups as required. For example, you can create a policy that allows access to Office 365 services only from specific IP ranges, or only from Intune-managed devices.
To set up Conditional Access in Office 365, you’ll have to create policies in Microsoft Entra ID (Azure AD) to verify sign-in attempts. Moreover, it lets you control who can access your resources based on location, device type, and authentication method. In this article, we will show you how to set up conditional access in Office 365. We will also explain the different conditions you can use to restrict access. Let us get started!
What is Conditional Access in Office 365?
Conditional Access in Office 365 helps to keep your organization’s data safe by preventing unauthorized access. When an attempt is made to access a resource, such as an email account, Conditional Access will check to see if the user has been granted permission to access the resource. If the user does not have permission, they will be denied access.
This helps to ensure that only authorized users can access sensitive data and helps to prevent data breaches. In addition to preventing unauthorized access, Conditional Access can also be used to enforce other security policies, such as requiring two-factor authentication. By configuring Conditional Access, you can help to keep your organization’s data safe and secure in Office 365.
Now we know that there are many different ways that you can use conditional access in Office 365. The possibilities are endless. So, we will now walk you through the basics step by step.
Why Set Up Conditional Access in Microsoft 365?
Microsoft introduced the Conditional Access feature to strengthen their security policies. Some essential benefits of this feature include:
- Prevention of credential attacks and phishing: Conditional policies like risk-based MFA and location-based policies protect data from credential attacks and phishing attempts, which are becoming more common day by day.
- Zero Trust implementation: Setting up Conditional Access in Office 365 deploys this security model. It works on the ‘never trust, always verify’ framework, which treats every login attempt as suspicious.
- Compliance check: Setting up Conditional Access also ensures that only devices that comply with industry standards like HIPAA, GDPR, etc. can sign in.
- Limits session time: Enforcing Conditional Access in Office 365 also lets you control the time allowed for each session, requiring users to log in frequently.
Things to Keep in Mind Before Setting Up Conditional Access in Office 365
There are certain things you must verify before you set up Conditional Access in Office 365. Checking these prerequisites helps you avoid potential mistakes or errors.
- Relevant licenses: Microsoft Entra ID P1 is required to set up basic Conditional Access Policies, and Microsoft Entra ID P2 is needed to set up risk-based Conditional Access Policies. Both of these licenses are included in the Microsoft 365 Business Premium plan.
- Necessary permissions: Permissions like Global Administrator, Security Administrator, or Conditional Access Administrator are needed to set up Conditional Access in Microsoft 365.
- Emergency admin account: Create at least one ‘break glass’ admin account to avoid losing access to your Office 365 account if Conditional Access fails.
- MFA setup: Make sure that you’ve communicated with the users before enforcing the Multi-Factor Authentication policy.
Setting Up Office 365 Conditional Access Policy
Conditional Access is a fantastic way to keep your data safe while still providing users with the flexibility they need. Start by creating a policy and setting the required conditions. Finally, grant access to the groups and users to complete the setup of Conditional Access in Office 365. Follow each step below.
- First, you will need to create a policy. You can do this by going to the Azure portal. Follow these steps:
  - Log in to the Azure portal (https://portal.azure.com/) using your Global Administrator account.
  - Go to Azure Active Directory and go to the tab Security.
  - Next, you need to tap on Conditional Access and choose the option New Policy.
- Once you have created your policy, you will need to apply it to your Office 365 Groups or users.
  - Enter a suitable name for the policy and click Next.
  - Under the Assignments page, select Users and Groups, and here you need to provide access to the users and groups you wish to add. Tap on Done.
  Note: You can also specify exceptions separately in the Users and Groups section. Select Grant access and click Done > Next until you reach the Assignments page.
- Now, you can choose the Cloud apps and actions to provide conditional security to apps.
  - From the Assignments page, choose the option Cloud apps or actions.
  - Choose the Office 365 apps, and you can use this Conditional Access policy to protect Office 365 apps and other services.
  - Tap on Done.
- Here comes the time to provide conditional access to different platforms.
  - Under the Assignments page, click on Conditions.
  - Select the platforms to which you want to apply this Conditional Access policy by clicking on Device Platforms.
  - Tap on Done.
  Using Microsoft Azure, third-party MDM solutions can manage Windows 10 devices and restrict access to all other types of devices.
- We are now on to the last step to grant access to enable the policy.
  - Within the Access controls option, select Grant.
  - You can now configure the action that will be taken when the conditions are met. Ensure the device must be marked as compliant by selecting Grant access.
  - Within the Enable policy tab, choose On, and tap on Create.
That’s it! You have now set up Conditional Access in Office 365. You can now use this policy to control access to your O365 services for different users or user groups as required. Sometimes Office 365 users are unable to unlock a temporarily locked Office 365 account, and the potential reason could be the Conditional Access policies they’ve set up. To unlock the account successfully, they might have to disable those Conditional Access policies. However, it is recommended to re-apply all the policies as soon as the Office 365 account is unlocked.
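The lockout risk described above can be checked before a policy is switched On. The following is an added example, not code from the original article or from Microsoft: it writes the policy built in the steps above in the Microsoft Graph conditionalAccessPolicy JSON shape and checks it for lockout risks. The sample policy, the placeholder account ID, and the function names `lint_policy` and `harden` are assumptions made for illustration.

```python
import copy
import json

# Constructed sample: the policy from the steps above in the Microsoft Graph
# conditionalAccessPolicy JSON shape (all users, Office 365 apps, selected
# device platforms, access granted only to compliant devices, policy On).
PORTAL_POLICY = json.loads("""
{
  "displayName": "O365 - require compliant device",
  "state": "enabled",
  "conditions": {
    "users": {"includeUsers": ["All"], "excludeUsers": []},
    "applications": {"includeApplications": ["Office365"]},
    "platforms": {"includePlatforms": ["android", "iOS", "windows"]}
  },
  "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]}
}
""")

# Placeholder object ID of the emergency ('break glass') admin account.
BREAK_GLASS_IDS = {"11111111-2222-3333-4444-555555555555"}


def lint_policy(policy, break_glass_ids):
    """Return lockout-risk findings for one Conditional Access policy."""
    findings = []
    users = policy.get("conditions", {}).get("users", {})
    if not break_glass_ids <= set(users.get("excludeUsers", [])):
        findings.append("break-glass account is not excluded")
    if policy.get("state") == "enabled" and "All" in users.get("includeUsers", []):
        findings.append("state is 'enabled' for all users; try report-only first")
    controls = (policy.get("grantControls") or {}).get("builtInControls", [])
    if not controls:
        findings.append("no grant control configured")
    return findings


def harden(policy, break_glass_ids):
    """Return a copy that excludes break-glass accounts and starts report-only."""
    fixed = copy.deepcopy(policy)
    users = fixed["conditions"]["users"]
    users["excludeUsers"] = sorted(set(users.get("excludeUsers", [])) | break_glass_ids)
    fixed["state"] = "enabledForReportingButNotEnforced"
    return fixed


if __name__ == "__main__":
    for finding in lint_policy(PORTAL_POLICY, BREAK_GLASS_IDS):
        print("RISK:", finding)
    print(json.dumps(harden(PORTAL_POLICY, BREAK_GLASS_IDS), indent=2))
```

The `enabledForReportingButNotEnforced` state corresponds to the Report-only choice on the Enable policy toggle, which logs what the policy would have done without blocking any sign-in.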
How to Disable the Conditional Policy on the Azure Portal?
The Conditional Access policy must be disabled on the Azure portal if you want to remove the policy from all devices. Here are the steps to follow.
- Access Azure Portal using your credentials, click Azure Active Directory and tap on Security.
- Under the Security tab, click on Conditional Access.
- You can now select the Conditional Access policy that you wish to remove.
- On the Enable policy page, select the Off option and click Save.
This will remove the Conditional Access policy completely and allow all the users and groups previously included in the policy to access Office 365.
How to protect your Office 365 data?
While setting up these policies, you might make mistakes unintentionally. These mistakes can lock up your account and make your data inaccessible. Thus, it’s recommended to back up all your essential data to a safe location. Choosing a reliable automated solution ensures that your data is backed up safely in file formats like PST. Here we have the perfect solution for all your backup needs: Kernel Export Office 365 to PST.
The software is designed to back up emails, contacts, calendars, and all other items of user mailboxes stored in Office 365. It offers a number of features that make it an ideal choice for Office 365 data backup. Some of the key features are:
- Allows users to select single or multiple mailboxes for backup.
- Allows users to filter backup by date range, item type, and source.
- Generates a report of the backup process that contains the number of items backed up, the time taken, etc.
- Supports incremental and full backups.
- Has an option to export emails to PST, EML, MSG, and MBOX file formats.
- Compatible with all versions of Microsoft Outlook and Exchange Server.
Last Say
Conditional access is a top feature for protecting your Office 365 data. By using conditional access, you can create rules that determine how users can access Office 365 resources depending on their location, device type, or sign-in method. You can also use conditional access to require Multi-Factor Authentication for certain users or groups. If you are not already taking advantage of conditional access in Office 365, we encourage you to start using it today.
Moreover, if you face any issues, then it would be wise to keep a backup of all your important data with our tool. Contact us today to learn more about how we can help you protect your Office 365 investment.
Frequently Asked Questions
A. Go to the Microsoft Entra admin center, then navigate to Protection > Conditional Access > Policies > What If. Select the user and check which policies apply.
A. Yes, with policies like risk-based analysis, MFA, and Location Based policies, the threat of phishing and credential-based attacks is reduced significantly.
A. Two licenses, Microsoft Entra ID P1 and Microsoft Entra ID P2 of the Microsoft 365 Business Premium plan, are required to enable O365 Conditional Access.
A. Simply sign into the Microsoft Entra ID Admin Center and go to Security > Conditional Access. Set the required policies, configure users, apps, and access controls there.
