Managed Conditional Access Policies are rolling out. Are you ready?

Cyber threats are always changing, and Microsoft is stepping up its game with managed Conditional Access (CA) policies. This new feature targets Microsoft 365 Business and Enterprise customers and is the next big thing in keeping your organization safe. 

Starting in November 2023, Microsoft began adding new Microsoft-managed Conditional Access policies in report-only mode for all eligible tenants. After the policies are deployed to a tenant, they will be enabled after 90 days. This gives customers time to check out how these policies would affect their operations and make any changes or exclusions.  

The first policies to roll out are focused on multifactor authentication (MFA). Currently, Microsoft estimates that only 37 percent of customers use MFA. Studies have shown that MFA reduces the risk of account takeover by 99%, so it’s easy to see why Microsoft is focusing on MFA as a first effort. 

Now that the 90-day grace period is almost over, the policies will start being enforced in February and March 2024. It's important to get to know these policies and how they can help keep your organization safe. Customers can review the documentation on these policies and analyze the effects by reviewing Microsoft’s documentation –  

Alex Weinert, the VP of Identity Security at Microsoft, wrote a post on the Microsoft Security blog explaining all the details and benefits of this initiative. It's a must-read for anyone who wants to make sure their organization is following the best cybersecurity practices. 

Microsoft's managed Conditional Access policies are a game-changer for organizational security. By automating these policies, Microsoft is making security easier and more manageable for businesses of all sizes. As the enforcement phase gets closer, make sure to review these policies, understand their impact, and take steps to keep your organization safe in this new era of digital defense. 

Need help reviewing these policies? Just give us a shout!  



Microsoft's two-step verification solution safeguards access to your organization's data and applications while meeting user demand for a simple sign-on process. Learn about our Multi-Factor Authentication Engagement where we will examine your organization's current environment to custom-tailor an actionable roadmap that includes deployment, management, policy, security, and stay-current recommendations.