As you know you can secure access to your resources using Azure AD Conditional Access policies.
Well, good news, it is now going to be easier to create Conditional Access policies thanks to the use of templates.
To create Conditional Access policy using templates, connect to your Azure AD portal (https://aad.portal.azure.com/) to access the Azure Active Directory\Security\Conditional Access\Policies blade and use the Create new policy using templates
You have 2 conditional access policy types – depending to what you want to get the policy applied:
- Identities
- Devices
For each type, you have predefined templates:
- Identities
- Require MFA for admins (quite self-explanatory)
- Securing security information registration which allows SSPR and MFA registration only from trusted locations
- Block legacy authentication (quite self-explanatory too)
- Require MFA for all users (quite self-explanatory too)
- Require MFA for guest (quite self-explanatory too)
- Require MFA for Azure management (quite self-explanatory too)
- Require MFA for risky sign-ins (quite self-explanatory too)
- Require password change for high-risk users
- Devices
- Device compliance which requires the device you are using to access the resource is compliant or hybrid AD joined
- Block access for unknown or unsupported device platform (quite self-explanatory)
- No persistent browser session which prevent session to persist on unmanaged device
- Require approved client apps and protection (quite self-explanatory too)
- Require compliant device or MFA for all users which is some sort of merger between the Device compliance and Require MFA for all users
- Use application enforced restrictions for unmanaged device
For each template you have a link (View policy summary) which shows the configuration settings which are displayed on the right side as an additional blade.
You can not edit the templates or create your own ones but once you have created the policy based on a template you can then edit it to adjust.