12 Microsoft 365 Security Features and Best Practice Guidance - 1: Conditional Access

What is it?

Conditional Access is a powerful security feature in Microsoft 365 that lets you control how and when users access your company’s data. Think of it as a security gate that only opens when the right conditions are met. It is designed to strike a balance between security and productivity by evaluating signals such as:


  • User location

  • Device compliance

  • Sign-in risk

  • Group membership

  • Application being accessed


Instead of applying blanket restrictions, Conditional Access ensures users get access only when they meet specific requirements. For example, you could block access from unmanaged devices or enforce multi-factor authentication (MFA) if a user is signing in from outside the UK.


What plans is it included in?

Conditional Access is included with the following Microsoft 365 and Azure subscriptions:


  • Microsoft 365 Business Premium

  • Microsoft 365 E3 and E5

  • Azure AD Premium P1 (included in the above)

  • Azure AD Premium P2 (for advanced capabilities like risk-based policies)


Note: If you are using Microsoft 365 Business Standard or Basic, Conditional Access is not available. Upgrading to Business Premium is the most straightforward route.


Real-world scenario

A Midlands-based legal firm wanted to ensure that only trusted devices could access sensitive client data in SharePoint and Teams. Staff regularly worked remotely, but the firm needed to prevent logins from personal laptops and block access from outside the UK.


With Conditional Access, we implemented a policy that:


  • Allowed sign-ins only from devices joined to Azure AD or compliant via Intune

  • Blocked all sign-ins originating outside the UK

  • Prompted for multi-factor authentication if the sign-in looked suspicious (for example, a new location or unfamiliar device)


The result? No disruption to staff, but a huge uplift in control and visibility, and a big tick from their cyber insurance provider.
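
As an added illustration (not HybrIT's own configuration), the Python sketch below builds Microsoft Graph request bodies for two of the three rules in the scenario, the non-UK block and MFA on a risky sign-in, and checks each one for the lockout risks a first rollout should avoid: enforcement before report-only testing, tenant-wide scope, and a block with no allowed location. The object IDs, display names and risk thresholds are assumptions, and the device requirement is left out.

```python
import json

# Constructed placeholder IDs (assumptions): substitute your tenant's object IDs.
PILOT_GROUP_ID = "00000000-0000-0000-0000-0000000000a1"
UK_LOCATION_ID = "00000000-0000-0000-0000-0000000000b2"
REPORT_ONLY = "enabledForReportingButNotEnforced"

# Body for POST /identity/conditionalAccess/namedLocations (country-based location).
UK_NAMED_LOCATION = {
    "@odata.type": "#microsoft.graph.countryNamedLocation",
    "displayName": "United Kingdom",
    "countriesAndRegions": ["GB"],
    "includeUnknownCountriesAndRegions": False,
}

def build_policy(name, conditions, controls, state=REPORT_ONLY):
    """Return a body for POST /identity/conditionalAccess/policies, pilot-scoped."""
    base = {"users": {"includeGroups": [PILOT_GROUP_ID]},
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["all"]}
    return {"displayName": name, "state": state,
            "conditions": {**base, **conditions},
            "grantControls": {"operator": "OR", "builtInControls": controls}}

def scenario_policies():
    """Two of the scenario's rules, both starting in report-only mode."""
    block_non_uk = build_policy(
        "Pilot - block sign-ins outside UK",
        {"locations": {"includeLocations": ["All"],
                       "excludeLocations": [UK_LOCATION_ID]}},
        ["block"])
    mfa_on_risk = build_policy(
        "Pilot - MFA on risky sign-in",
        {"signInRiskLevels": ["medium", "high"]},  # assumed thresholds
        ["mfa"])
    return [block_non_uk, mfa_on_risk]

def rollout_findings(policy):
    """List the reasons a policy is unsafe as a first deployment (empty = OK)."""
    findings, cond = [], policy["conditions"]
    if policy["state"] != REPORT_ONLY:
        findings.append("not in report-only mode")
    users = cond["users"]
    if "All" in users.get("includeUsers", []) or not users.get("includeGroups"):
        findings.append("not scoped to a pilot group")
    blocks = "block" in policy["grantControls"]["builtInControls"]
    if blocks and not cond.get("locations", {}).get("excludeLocations"):
        findings.append("block applies to every location")
    return findings

if __name__ == "__main__":
    for p in scenario_policies():
        print(json.dumps(p, indent=2), rollout_findings(p))
```
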


How HybrIT can help configure this

Conditional Access sounds simple, but it is easy to lock yourself or your users out without careful planning. That is where we come in.

HybrIT can:


  • Assess your environment and design policies that protect without getting in the way

  • Implement and test policies safely with pilot groups and report-only mode

  • Train your internal teams on what is happening behind the scenes and how to manage it



Want to enable this for your Microsoft 365 tenant?


HybrIT can switch it on for you.


📞 Call us on 03330 156 702


© Copyright 2025 HybrIT Services Ltd. All rights reserved. Registered in England and Wales No. 10479291
