12 Microsoft 365 Security Features and Best Practice Guidance - 1: Conditional Access
- HybrIT Marketing
- 3 days ago
- 2 min read

What is it?
Conditional Access is a powerful security feature in Microsoft 365 that lets you control how and when users access your company’s data. Think of it as a security gate that only opens when the right conditions are met. It is designed to strike a balance between security and productivity by evaluating signals such as:
User location
Device compliance
Sign in risk
Group membership
Application being accessed
Instead of applying blanket restrictions, Conditional Access ensures users get access only when they meet specific requirements. For example, you could block access from unmanaged devices or enforce Multi Factor Authentication if a user is signing in from outside the UK.
What plans is it included in?
Conditional Access is included with the following Microsoft 365 and Azure subscriptions:
Microsoft 365 Business Premium
Microsoft 365 E3 and E5
Azure AD Premium P1 (included in the above)
Azure AD Premium P2 (for advanced capabilities like risk based policies)
Note: If you are using Microsoft 365 Business Standard or Basic, Conditional Access is not available. Upgrading to Business Premium is the most straightforward route.
Real world scenario
A Midlands based legal firm wanted to ensure that only trusted devices could access sensitive client data in SharePoint and Teams. Staff regularly worked remotely, but the firm needed to prevent logins from personal laptops and block access from outside the UK.
With Conditional Access, we implemented a policy that:
Allowed sign ins only from devices joined to Azure AD or compliant via Intune
Blocked all sign ins originating outside the UK
Prompted for Multi Factor Authentication if the sign in looked suspicious (for example new location or unfamiliar device)
The result? No disruption to staff, but a huge uplift in control and visibility and a big tick from their cyber insurance provider.
How HybrIT can help configure this
Conditional Access sounds simple, but it is easy to lock yourself or your users out without careful planning. That is where we come in.

HybrIT can:
Assess your environment and design policies that protect without getting in the way
Implement and test policies safely with pilot groups and report only mode
Train your internal teams on what is happening behind the scenes and how to manage it
Want to enable this for your Microsoft 365 tenant?
HybrIT can switch it on for you.
📞 Call us on 03330 156 702
📧 Email hello@hybrit.co.uk
Comments