💼 6.2 Conditional Access

  • Contextual name: 💼 6.2 Conditional Access
  • ID: /frameworks/cis-azure-v4.0.0/06/02
  • Located in: 💼 6 Identity Services

Description​

For most Azure tenants, and certainly for organizations with a significant use of Microsoft Entra ID, Conditional Access policies are recommended and preferred. To use Conditional Access Policies, a licensing plan is required, and Security Defaults must be disabled. Because of the licensing requirement, all Conditional Access policies are assigned a profile of "Level 2."

Conditional Access requires one of the following plans:

  • Microsoft Entra ID P1 or P2
  • Microsoft 365 Business Premium
  • Microsoft 365 E3 or E5
  • Microsoft 365 F1, F3, F5 Security and F5 Security + Compliance
  • Enterprise Mobility & Security E3 or E5

Sub Sections​

Section | Sub Sections | Internal Rules | Policies | Flags
💼 6.2.1 Ensure that 'trusted locations' are defined (Manual) 1
💼 6.2.2 Ensure that an exclusionary geographic Conditional Access policy is considered (Manual) 1
💼 6.2.3 Ensure that an exclusionary device code flow policy is considered (Manual) 1
💼 6.2.4 Ensure that a multifactor authentication policy exists for all users (Manual) 1
💼 6.2.5 Ensure that multifactor authentication is required for risky sign-ins (Manual) 1
💼 6.2.6 Ensure that multifactor authentication is required for Windows Azure Service Management API (Manual) 1
💼 6.2.7 Ensure that multifactor authentication is required to access Microsoft Admin Portals (Manual) 1