Conditional Access “What If”

If you are using multiple conditional access policies in your Azure AD environment things can start to get complex when trying to work out which policies will be applied due to the many variables and granular control. This is where the “What if” feature is awesome. You can simulate the impact of a CA policy by specifying the conditions you want to be tested. This is particularly useful to ensure the policy has been setup correctly before assigning the policy in production and later finding out you have accidently blocked users from accessing corporate data.

Navigate to https://portal.azure.com > Azure Active Directory > Conditional Access

image

Choose the conditions which you want to simulate i.e Accessing any cloud app from an iOS Device through a Browser

Note: You must specify a user

image

The output will show which policies would be applied and the grant controls of the policy i.e Require MFA or Require Domain-Joined device

image

You can also see a list of policies which would not apply in this scenario and the reason which they wouldnt apply i.e. Policy not enabled

image

I often use this for troubleshooting so I can quickly work out which policy is causing undesirable behaviour and resolve it.

Jake Stoker

Jake Stoker

Enteprise Mobility + Security SME