Public preview: “What If” tool for Azure AD Conditional Access policies
Azure AD Conditional Access (CA) has really taken off. Organizations around the world are using it to ensure secure, compliant access to applications. Every month, Conditional Access is now used to protect over 10K organizations and over 10M active users! It’s amazing to see how quickly our customers have put it to work!
Weve received lot of feedback about the user impact of Conditional Access. Specifically, with this much power at your fingertips, you need a way to see how CA policies will impact a user under various sign-in conditions.
We heard you, and today I am happy to announce the public preview of the What If tool for Conditional Access. The What If tool helps you understand the impact of the policies on a user sign-in, under conditions you specify. Rather than waiting to hear from your user about what happened, you can simply use the What If tool.
Ready to start playing with the tool? You can simply follow these steps:
- Go to Azure AD Conditional access
- Click on What If
- Select the user you want to test
- [Optional] Select app, IP address, device platforms, client app, sign-in risk as needed
- Click on What If and view the policies that will impact the user sign-in
Sometimes the question that youre trying to answer is not What policies will apply but Why is a policy not applying? The tool can help you with that too! Switch to the Policies that will not apply tab and you can view the policy name and, more importantly, the reason why a policy didnt apply. Isnt that cool?
Want to learn more about the What If tool?
Tell us what you think
This is just a start. Were already working to deliver more innovation in this area. As always, wed love to hear any feedback or suggestions you have on this preview, or anything about Azure AD Conditional Access. Weve even created a short survey on the What If tool for you to participate in.
We look forward to hearing from you!
Alex Simons (Twitter: @Alex_A_Simons)
Director of Program Management
Microsoft Identity Division
Source: EM+S Blog Feed