CIPP Documentation

Conditional Access best practices

Set up your Conditional Access policies for CIPP.
To make sure CIPP can access your tenants securely, we recommend using Conditional Access. Both your own and your clients' Conditional Access policies need to be configured for optimal usage.

Setup of your conditional access policies

  1. Browse to the Conditional Access Policies blade in Azure.
  2. Exclude the CIPP service account from each existing policy.
  3. Create a new policy and include the CIPP user. Enforce Azure Multi-factor Authentication for each logon, each application.
  4. Save this policy under the name "CIPP Service Account Conditional Access Policy".

Setup of clients' conditional access policies

DAP and GDAP are affected by your clients' Conditional Access policies. To make sure you can access your clients using your CIPP integration user, we recommend excluding the MSP from the Conditional Access Policy, per Microsoft's documentation.
  1. Browse to your client's Conditional Access Policies blade in Azure.
  2. For each policy listed, add an exclusion to "Users and Groups" with the following settings:
     - Guest or external users
     - Service Provider Users
     - Selected, enter your tenant ID. If you do not know your tenant ID, you can look it up at https://whatismytenantid.com
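To check that the exclusion from step 2 is present on every client policy, the following added example (not part of the CIPP documentation or code base) audits a policy export and lists the policies that still apply to the MSP. It assumes the policies are in the shape Microsoft Graph returns for `conditionalAccessPolicy` objects; the tenant IDs, policy names and function names are constructed for illustration.

```python
# Constructed sample in Microsoft Graph conditionalAccessPolicy shape; tenant IDs are placeholders.
MSP_TENANT_ID = "11111111-1111-1111-1111-111111111111"
SAMPLE_EXPORT = {"value": [
    {"displayName": "Require MFA for all users",
     "conditions": {"users": {"includeUsers": ["All"],
         "excludeGuestsOrExternalUsers": {
             "guestOrExternalUserTypes": "b2bCollaborationGuest,serviceProvider",
             "externalTenants": {"membershipKind": "enumerated",
                                 "members": ["11111111-1111-1111-1111-111111111111"]}}}}},
    {"displayName": "Block legacy authentication",
     "conditions": {"users": {"includeUsers": ["All"],
         "excludeGuestsOrExternalUsers": None}}},
    {"displayName": "Require compliant device",
     "conditions": {"users": {"includeUsers": ["All"],
         "excludeGuestsOrExternalUsers": {
             "guestOrExternalUserTypes": "serviceProvider",
             "externalTenants": {"membershipKind": "enumerated",
                                 "members": ["22222222-2222-2222-2222-222222222222"]}}}}},
]}


def excludes_service_provider(policy, msp_tenant_id):
    """True if the policy excludes service provider users from msp_tenant_id."""
    users = (policy.get("conditions") or {}).get("users") or {}
    excl = users.get("excludeGuestsOrExternalUsers") or {}
    # guestOrExternalUserTypes is a comma-separated list of flags.
    types = {t.strip() for t in (excl.get("guestOrExternalUserTypes") or "").split(",")}
    if "serviceProvider" not in types:
        return False
    # Assumption: a missing externalTenants is reported for review, not treated as "all".
    tenants = excl.get("externalTenants") or {}
    if tenants.get("membershipKind") == "all":
        return True
    members = {m.lower() for m in tenants.get("members") or []}
    return msp_tenant_id.lower() in members


def policies_missing_exclusion(export, msp_tenant_id):
    """Names of policies that still apply to the MSP's service provider users."""
    return [p.get("displayName", "<unnamed>") for p in export.get("value", [])
            if not excludes_service_provider(p, msp_tenant_id)]


if __name__ == "__main__":
    for name in policies_missing_exclusion(SAMPLE_EXPORT, MSP_TENANT_ID):
        print(f"missing MSP exclusion: {name}")
```

The third sample policy is reported because its exclusion names a different tenant, which is the case a quick look in the portal tends to miss.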