CA Policies

This page lists all the Conditional Access Policies on the selected tenant. This lists everything that's available in the Microsoft Endpoint Manager (MEM) portal, including the applications the CA applies to and used built-in controls.

Page Actions

Deploy CA Policy

Deploying Conditional Access is possible in two ways; using the deploy conditional access wizard to deploy a single policy or using the CIPP standards to deploy a template that will automatically redeploy if any changes are made.

Using the Deploy Conditional Access Policy Wizard you can change several settings in the policy such as the way usernames are replaced, the method used to deploy the state, and which exclusions are in place. When using templates from other tenants into a new tenant, make sure you select the correct replacement method, e.g. "Replace IDs with Display Names".

When using a Standard, you also are able to select these options; however, the replacement mode used will always be "Replace IDs with Display Names" to prevent the policy from not working on other tenants.

Table Details

The properties returned are for the Graph resource type conditionalAccessPolicy. For more information on the properties please see the Graph documentation. CIPP does some additional correlation to convert some of the GUID attributes into display names for ease of reading.

Table Actions

Template Creation

Using the action button "Create Template based on rule" you can create a one-off template of a conditional access rule in a tenant that will be available in CA Templates.

Creating a template includes all properties of the conditional policy templated; Inclusions and exclusions are translated and stored in CIPP for redeployment. When redeploying the template on any tenant every setting is included, such as Conditional Access Named locations, Authentication strengths, and any other setting.

Feature Requests / Ideas

We value your feedback and ideas. Please raise any feature requests on GitHub.