Skip to main content

I wanted to share my study notes in a simple and practical way — especially for beginners who get confused when a policy doesn’t apply as expected.
This is purely based on my own learning and lab practice 😊 As my previous post was general, I decided to share this one in a more technical way (including each and every step). Feel free to have a look!
Don’t just memorise each and every step. Read it, understand the concepts, and try to explain it to yourself in your own words !! 💯

🚨 The Common Problem

You create a Conditional Access policy:
✔ Require MFA
✔ Apply to all users
✔ Enable the policy
But when the user signs in…
👉 No MFA prompt
👉 Policy says “Not Applied”
👉 Everything looks correct
So what went wrong?

🧠 My Simple Troubleshooting Formula
When a Conditional Access policy doesn’t apply, I check these 7 things:

1️⃣ Check Sign-in Logs FIRST (Always!)
This is the most important step.
Go to:
Entra Admin CenterSign-in logs → Conditional Access tab

It will tell you:
Which policies applied
Which did NOT apply
The exact reason
💡 90% of issues can be found here.

2️⃣ Is the Policy Enabled?
Sometimes it’s still in:
🟡 Report-only mode
In that case, it will evaluate but NOT enforce.
Make sure it’s set to:
🟢 On

3️⃣ Was the User Excluded?
Very common mistake.
Check:
Assignments → Users → Exclusions
The user might:
Be inside an excluded group
Be a break-glass emergency account
If excluded → Policy won’t apply.

4️⃣ Is the Correct App Selected?
Example mistake:
Policy targets:
✔ Office 365
But user signs into:
✔ Azure Portal
Different app → Policy won’t trigger.

5️⃣ Do the Conditions Actually Match?
If policy says:
✔ Windows devices only
But user logs in from:
📱 iPhone
The condition is NOT met → Policy not applied.

6️⃣ Device Compliance Issues
If policy requires:
✔ Device marked as compliant
Then:
Device must be enrolled in Intune
Compliance policy must be assigned
Device must show compliant status
Otherwise → Access may not be blocked.

7️⃣ Another Policy Might Override It
Remember:
🔴 If ANY policy says “Block” → Access is blocked
🟢 If multiple policies apply → ALL grant controls must be satisfied
So always review all applied policies.

🎯 My Biggest Learning
Conditional Access is not “broken” most of the time.
It simply follows logic very strictly:
User + App + Condition = Control
If one doesn’t match → Policy won’t apply.

📚 Why I’m Sharing This
I’m currently revising SC-300 topics and strengthening my Azure identity skills as part of my interview preparation after a career gap.
Writing these notes helps me:
Reinforce concepts
Think like a real engineer
Prepare for scenario-based interview questions
And I hope it helps someone else too 😊

🔎 Key Takeaway
If Conditional Access isn’t applying:
👉 Don’t guess.
👉 Don’t recreate the policy immediately.
👉 Start with Sign-in Logs.

Comments

Popular posts from this blog

What Is Kubernates?

Kubernates , also called K8s is an open-source platform for automating the deployment, scaling and management of containerized applications. Kubernates develops by Googlw and now maintained by Cloud Native Computing Foundation( CNCF). For example : There are bunch of applications running in containers(Like Docker containers) across many server , we need to Start them Stop them if they crash Move them if a server goes down Scale them up / down Expose them to the network Roll out new versions safely Kubernates automates all of the fuctions mentioned above. Key Functions of Kubernates: Function What it does Orchestration Automatically runs containers across many servers. Scheduling Decides  which server (node)  should run each container. Scaling Adds or removes containers automatically based on load. Self-healing Restarts failed containers, replaces unhealthy on...
  Title: A Guide to Enrolling Devices into Microsoft Intune: Exploring Different Methods. In today’s increasingly mobile workforce, ensuring that devices are secure and compliant is more important than ever. Microsoft Intune provides a comprehensive solution for managing devices, applications, and data—especially as more organizations adopt cloud-based management strategies. However, to effectively manage devices with Intune, they first need to be enrolled. In this article, we’ll explore the three primary methods of enrolling devices into Microsoft Intune : Azure AD Join , Company Portal , and Work or School Account enrollment. Each method has its own use cases and advantages, depending on the organization's needs. 1. Enrolling via Microsoft Entra (Azure AD Join) Azure AD Join is used when an organization wants to fully manage corporate devices in the cloud, with no reliance on on-premises Active Directory (AD). This method is ideal for organizations that have transitioned to...

Cloud Assessment & Migration Journey

  1. Cloud Assessment Analyze current IT infrastructure and workloads. Evaluate cloud readiness and select the appropriate cloud model. 2. Planning and Strategy Develop a cloud migration strategy and plan. Estimate costs and compare with potential benefits. 3. Migration Preparation Assess and prioritize applications and data for migration. Choose migration tools and frameworks. 4. Execution Conduct a pilot migration to test the process. Perform full migration in phases, minimizing business disruption. 5. Post-Migration Test and optimize migrated workloads. Provide training and support for cloud tools. 6. Continuous Improvement Monitor cloud resources for performance and cost. Collect feedback and refine strategies.