Conditional Access in Entra ID enables policy-based decisions regarding access to resources. Each Condition Access policy consists of one or more conditions assignments and one or more access controls.
...
Assignments
The conditions assignments of a policy include
...
resources and conditions. The resources can be users, groups, directory roles, applications or service principals defined in Entra ID. The conditions can limit the policy to only apply when requests originate from specific networks or geographic locations or from specific client applications or devices.
Access Controls
The access controls of a policy include access grant controls and session controls. The access grant controls can grant or block access to resources. The session controls can modify session behavior such as limiting session duration.
...
The following policies are applied to the utexas tenant in Azure Active Directory.
Expand | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Exceptions
Microsoft Surface Hub devices are not compatible with Conditional Access Policies and are unable to authenticate unless they are manually excluded from every policy per https://docs.microsoft.com/en-us/surface-hub/create-and-test-a-device-account-surface-hub.
...