The Excel version of my Azure AD Conditional Access Policy Design Baseline is Now Available Online

I’ve been spending the last couple of weeks in me and my families off-grid cabin with no running water and no electricity. It’s a primitive lifestyle and, ironically enough, that’s where I go to fuel my batteries. Now I’m online ones again and ready for a new year of exciting Microsoft cloud adventures.

During my summer vacation I’ve gotten a lot of requests for an Excel version of my Conditional Access policy design baseline. The baseline is in version five and it has protected tens of thousands of users for the last two years. Conditional Access strategies has been one of my primary focus areas and more and more customers are looking into zero-trust as their next step on the security journey.

See my original post from 2018

Feel free to implement this baseline if you find it valuable. Also, feel free to use the Excel spreadsheet as a template for your own design. I’ll make sure to PM anyone who expressed their interest in the Excel version.

Download the Excel version here!

Please follow me here, on LinkedIn and on Twitter!

@DanielChronlund

2 thoughts on “The Excel version of my Azure AD Conditional Access Policy Design Baseline is Now Available Online

  1. Hi Daniel, thanks for sharing this! How do you do to manage the Hybrid AD device group Intune Enrollment? I mean, you have some kind of dynamic group or you must to put every managed computer in this group? I’m asking you this because of the configuration” Grants access to managed Windows devices that are Hybrid Azure AD Joined (joined to on-prem AD and Azure AD).”

  2. Hi! No group is used for this. Conditional Access detects a Windows 10 device that’s using a modern authentication client in the policy you mentioned. If those conditions are met, Hybrid Azure AD Join is required or the authentication is blocked. The policy is applied to all users so no one slips by.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s