💼 5.2 Conditional Access

  • ID: /frameworks/cis-azure-v5.0.0/05/02

Description

For most Azure tenants, and certainly for organizations with a significant use of Microsoft Entra ID, Conditional Access policies are recommended and preferred. To use Conditional Access policies, a licensing plan is required, and Security Defaults must be disabled. Because of the licensing requirement, all Conditional Access policies are assigned a profile of "Level 2." Conditional Access requires one of the following plans:

  • Microsoft Entra ID P1 or P2
  • Microsoft 365 Business Premium
  • Microsoft 365 E3 or E5
  • Microsoft 365 F1, F3, F5 Security and F5 Security + Compliance
  • Enterprise Mobility & Security E3 or E5

Similar

Similar Sections (Give Policies To)

Section    Sub Sections    Internal Rules    Policies    Flags    Compliance
💼 CIS Azure v6.0.0 → 💼 5.2 Conditional Access (reference)    no data

Sub Sections

Section    Sub Sections    Internal Rules    Policies    Flags    Compliance
💼 5.2.1 Ensure that 'trusted locations' are defined (Manual)    1    no data
💼 5.2.2 Ensure that an exclusionary geographic Conditional Access policy is considered (Manual)    1    no data
💼 5.2.3 Ensure that an exclusionary device code flow policy is considered (Manual)    1    no data
💼 5.2.4 Ensure that a multifactor authentication policy exists for all users (Manual)    1    no data
💼 5.2.5 Ensure that multifactor authentication is required for risky sign-ins (Manual)    1    no data
💼 5.2.6 Ensure that multifactor authentication is required for Windows Azure Service Management API (Manual)    1    no data
💼 5.2.7 Ensure that multifactor authentication is required to access Microsoft Admin Portals (Manual)    1    no data
💼 5.2.8 Ensure a Token Protection Conditional Access policy is considered (Manual)    1    no data