IDEE
← Entra ID Guides Function Guides for Admins

Method 2: Create Conditional Access Policy

(Recommended for most organizations)

  1. Access Conditional Access

    • Sign in as a Conditional Access Administrator

    • Go to: Protection β†’ Conditional Access β†’ New Policy

  2. Configure Policy

    • Name: E.g., "MFA Exclusions - Trusted Networks"

    • Assignments:

      • Users: Include All users

      • Exclude: Break-glass accounts (critical!)

    • Target Resources:

      • Include: All cloud apps

      • Exclude: Apps not needing MFA (optional)

    • Access Controls:

      • Select Grant access β†’ 3rd Party MFA

  3. Deploy

    • Set to Report-only initially for testing

    • Click Create