Conditional Access Policies

The Conditional Access Policies page lists the conditional access policies enumerated in the entire Azure environment. The list shows the Display Name, State, and Created Date Time of each policy.


Conditional Access Policies Details

The Details page contains the Exposure Point, Information, Includes, and Excludes panes.

You can analyze objects in the Graph module by clicking the Visualize button on the upper left side of the Information Pane.


Details

The Details tab contains the attributes below about the conditional access policy object.

| Attribute | Description |
| --- | --- |
| Display Name | The name of the conditional access policy as shown in the Azure portal, typically describing the policy’s intent or function. |
| State | Indicates the current operational state of the policy. Report-only means the policy is being monitored but not enforced, allowing admins to evaluate its impact before activation. |
| Policy Identifier | A unique identifier for the policy; this field is blank if not exposed or required for current configuration. |
| Object ID | A globally unique identifier (GUID) assigned to the policy within Azure AD, used for managing the policy programmatically or via scripting. |
| Applies To All Users | Set to True when the policy targets all users in the tenant, with no specific inclusion filters. |
| Is Organization Default | Indicates whether the policy is the default baseline for the organization. False means it's a custom policy. |
| Applies To All Applications | When True, the policy applies to all cloud applications within the tenant. |
| Created Date | The date and time when the policy was originally created in the Azure AD tenant. |
| Exclude All Users | Set to False if no users are excluded from the policy scope. |
| User Risk Levels | Defines which user risk levels (e.g., Low, Medium, High) trigger the policy. This is blank if not configured. |
| Exclude All Applications | Indicates whether all applications are excluded from the policy. False means the policy applies to at least some applications. |
| Sign In Risk Levels | Specifies which sign-in risk levels, if any, activate the policy. This field is blank if risk-based conditions are not used. |
| Built In Controls | The built-in enforcement control(s) that the policy applies. In this case, the control is block, which prevents access when the policy conditions are met. |
| Device States | If configured, this specifies particular device compliance states (e.g., compliant or domain-joined) that are evaluated. This is blank if not set. |
| Client App Types | Lists the types of client applications the policy applies to. All means the policy covers all app types, including browser, mobile, and desktop apps. |

Includes

The Includes tab lists the objects that the conditional access policy includes. The list also contains Guid and Type columns to identify these objects.


Excludes

The Excludes tab lists the objects that the conditional access policy excludes. The list also contains Guid and Type columns to identify these objects.
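One way to triage the attributes described above for coverage gaps, as an added example that is not part of the product or its documentation. It assumes the policies have been copied into records keyed by the Details-tab labels; the record layout, the helper names, the State value "Enabled", the control value "mfa" and all sample values are constructed for illustration.

```python
# Added example: keys mirror the Details-tab attribute labels on this page.
# The record layout and every sample value below are constructed.
SAMPLE_POLICIES = [
    {"Display Name": "Block legacy authentication", "State": "Report-only",
     "Applies To All Users": True, "Applies To All Applications": True,
     "Built In Controls": ["block"], "Excludes": []},
    {"Display Name": "Require MFA for admins", "State": "Enabled",
     "Applies To All Users": False, "Applies To All Applications": True,
     "Built In Controls": ["mfa"],
     "Excludes": [{"Guid": "00000000-0000-0000-0000-000000000001",
                   "Type": "Group"}]},
    {"Display Name": "Require MFA for all users", "State": "Enabled",
     "Applies To All Users": True, "Applies To All Applications": True,
     "Built In Controls": ["mfa"], "Excludes": []},
]


def review_policy(policy):
    """Return review findings for one policy record (empty list = none)."""
    findings = []
    state = policy.get("State", "")
    # Report-only policies are monitored but not enforced.
    if state.strip().lower() != "enabled":
        findings.append(f"not enforced (State={state or 'blank'})")
    if not policy.get("Applies To All Users", False):
        findings.append("scoped to a subset of users")
    if not policy.get("Applies To All Applications", False):
        findings.append("scoped to a subset of applications")
    # Every entry on the Excludes tab is an object the policy does not cover.
    excludes = policy.get("Excludes", [])
    if excludes:
        kinds = sorted({e.get("Type", "Unknown") for e in excludes})
        findings.append(f"{len(excludes)} excluded object(s): {', '.join(kinds)}")
    if not policy.get("Built In Controls"):
        findings.append("no built-in control recorded")
    return findings


def review_all(policies):
    """Map Display Name -> findings, keeping only policies with findings."""
    results = {p["Display Name"]: review_policy(p) for p in policies}
    return {name: found for name, found in results.items() if found}


if __name__ == "__main__":
    for name, found in review_all(SAMPLE_POLICIES).items():
        print(name)
        for item in found:
            print("  -", item)
```

A finding here is a prompt to review the policy's scope, not a verdict: a scoped or excluded object can be intentional, such as an emergency-access account.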

