Testing Conditional Access Policies with What If


I was recently helping out a colleague in implementing and testing some new conditional access policies around Geo Blocking and we wanted to understand if what we had setup was going to work. Traditionally this can be quite difficult depending on your scenarios, however Microsoft have recently introduced What If, so that you can test how your Conditional Access Policies will apply to a particular user.

Getting to What If is easy, go into the Entra admin Center under Protection > Conditional Access > Policies and then clicking on the What If button at the top of the CA policy list. Once the What If blade opens, we can select our User, and if we need our Cloud App. In this case, we’re testing access from a source country, Greece – we also need an IP matching so we’ve filled those in, then clicking the button will evaluate what happens.

In this case, we can see that the user is not a part of the required group so isn’t covered.

This is a powerful tool that allows you to explore your conditional access setup, and whether policies will or will not apply to your users or workloads without impacting BAU operatios.


Leave a Reply

More Posts

Remote Desktop is Blocked in Windows Firewall even though Group Policy Setting is set to allow

So I’m going through and trying to automate a lot of things in our environment (one thing you should always try and do as a SysAdmin is to automate repetitive tasks) and to help me achieve this I’m using Group Policy, step one is enable Remote Desktop to all of our Servers automatically. Created the Group […]

Fixing SQL Reporting Services The URL has already been reserved error during Configuration

I was recently helping out a colleague with an SQL Server Reporting Services (SSRS) installation. When it came time to configuring that instance of SSRS and making it listen on port 80 for that particular site we got The URL has already been reserved warning message, navigating to the Reporting Services URLs gives us a HTTP […]

Fixing the randomly stopping WsusPool IIS Application pool and Windows Updates failed 0x80244022 error

I was recently assisting a client with an upgrade of their Configuration Manager (SCCM) environment up to the latest release of 1702 and as part of that we’re also going over it’s currently deployed functionality and making sure it all works. They recently noted that clients were no longer receiving updates and ran the Software […]