Conditional Access policies at their simplest are if-then statements, if a user wants to access a resource, then they must complete an action. Example: A payroll manager wants to access the payroll application and is required to do multi-factor authentication to access it.

Administrators are faced with two primary goals:

• Empower users to be productive wherever and whenever
• Protect the organization’s assets

Use Conditional Access policies to apply the right access controls when needed to keep your organization secure.