
I wanted to share my study notes in a simple and practical way — especially for beginners who get confused when a policy doesn’t apply as expected.
This is purely based on my own learning and lab practice 😊 As my previous post was general, I decided to share this one in a more technical way (including each and every step). Feel free to have a look!
Don’t just memorise each and every step. Read it, understand the concepts, and try to explain it to yourself in your own words!! 💯

🚨 The Common Problem

You create a Conditional Access policy:
✔ Require MFA
✔ Apply to all users
✔ Enable the policy
But when the user signs in…
👉 No MFA prompt
👉 Policy says “Not Applied”
👉 Everything looks correct
So what went wrong?

🧠 My Simple Troubleshooting Formula
When a Conditional Access policy doesn’t apply, I check these 7 things:

1️⃣ Check Sign-in Logs FIRST (Always!)
This is the most important step.
Go to:
Entra Admin Center → Sign-in logs → Conditional Access tab

It will tell you:
Which policies applied
Which did NOT apply
The exact reason
💡 90% of issues can be found here.
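To make step 1 concrete, here is an added Python example (my own, not from the original post and not Microsoft code) that triages one sign-in record the way you would read the Conditional Access tab. The record is constructed; its field names follow the Microsoft Graph `signIn` resource (`conditionalAccessStatus`, `appliedConditionalAccessPolicies[].result`), which is the data the portal tab renders. The mapping from each result value to one of the seven checks is my own.

```python
"""Triage one Entra sign-in record for Conditional Access outcomes."""
import json

# Constructed sample (not real tenant data). Field names follow the Microsoft
# Graph `signIn` resource; the per-policy `result` values are the ones the
# portal's Conditional Access tab displays.
SAMPLE_SIGNIN = json.dumps({
    "id": "00000000-0000-0000-0000-000000000001",   # placeholder id
    "userPrincipalName": "alice@contoso.example",
    "appDisplayName": "Azure Portal",
    "conditionalAccessStatus": "notApplied",
    "deviceDetail": {"operatingSystem": "iOS", "isCompliant": False},
    "appliedConditionalAccessPolicies": [
        {"displayName": "Require MFA - All users", "result": "reportOnlySuccess",
         "enforcedGrantControls": ["Mfa"]},
        {"displayName": "Compliant device for O365", "result": "notApplied",
         "enforcedGrantControls": []},
        {"displayName": "Block legacy auth", "result": "notEnabled",
         "enforcedGrantControls": []},
    ],
})

# Result value -> which of the seven checks it points at (my mapping).
RESULT_HINTS = {
    "success": "enforced; the controls in enforcedGrantControls were required",
    "failure": "enforced and a control was not met (MFA registration or device compliance, step 6)",
    "notApplied": "evaluated, but assignments or conditions did not match (steps 3-5)",
    "notEnabled": "policy is Off (step 2)",
    "unknown": "outcome not recorded; test with a fresh sign-in",
}
REPORT_ONLY_PREFIX = "reportOnly"


def triage(signin_json: str) -> dict:
    """Summarise the overall status and explain each policy's result."""
    record = json.loads(signin_json)
    findings = []
    for policy in record.get("appliedConditionalAccessPolicies", []):
        result = policy.get("result", "unknown")
        if result.startswith(REPORT_ONLY_PREFIX):
            would_be = result[len(REPORT_ONLY_PREFIX):].lower()
            hint = f"report-only: would have been '{would_be}', nothing enforced (step 2)"
        else:
            hint = RESULT_HINTS.get(result, f"unrecognised result '{result}'")
        findings.append({"policy": policy.get("displayName"), "result": result,
                         "controls": policy.get("enforcedGrantControls", []), "hint": hint})
    return {
        "user": record.get("userPrincipalName"),
        "app": record.get("appDisplayName"),
        "platform": record.get("deviceDetail", {}).get("operatingSystem"),
        "overall": record.get("conditionalAccessStatus"),
        "enforced_policies": [f["policy"] for f in findings if f["result"] in ("success", "failure")],
        "findings": findings,
    }


def next_step(summary: dict) -> str:
    """Pick the single next check, in the order the seven steps recommend."""
    results = [f["result"] for f in summary["findings"]]
    if summary["overall"] in ("success", "failure"):
        return "A policy enforced: compare its enforcedGrantControls with what the user completed"
    if any(r.startswith(REPORT_ONLY_PREFIX) for r in results):
        return "Switch the report-only policy to On if it is meant to enforce (step 2)"
    if "notEnabled" in results:
        return "Turn the policy On (step 2)"
    return (f"Nothing enforced for user={summary['user']} app={summary['app']} "
            f"platform={summary['platform']}: check exclusions, target app and conditions (steps 3-5)")


if __name__ == "__main__":
    summary = triage(SAMPLE_SIGNIN)
    print(f"{summary['user']} -> {summary['app']} ({summary['platform']}): {summary['overall']}")
    for f in summary["findings"]:
        print(f"  {f['policy']}: {f['result']} -> {f['hint']}")
    print("Next step:", next_step(summary))
```

Run it and the sample reproduces the puzzle from the top of the post: the overall status is notApplied, the MFA policy is only in report-only mode, and the first thing to fix is the policy state, not the policy itself.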

2️⃣ Is the Policy Enabled?
Sometimes it’s still in:
🟡 Report-only mode
In that case, it will evaluate but NOT enforce.
Make sure it’s set to:
🟢 On

3️⃣ Was the User Excluded?
Very common mistake.
Check:
Assignments → Users → Exclusions
The user might:
Be inside an excluded group
Be a break-glass emergency account
If excluded → Policy won’t apply.

4️⃣ Is the Correct App Selected?
Example mistake:
Policy targets:
✔ Office 365
But user signs into:
✔ Azure Portal
Different app → Policy won’t trigger.

5️⃣ Do the Conditions Actually Match?
If policy says:
✔ Windows devices only
But user logs in from:
📱 iPhone
The condition is NOT met → Policy not applied.

6️⃣ Device Compliance Issues
If policy requires:
✔ Device marked as compliant
Then:
Device must be enrolled in Intune
Compliance policy must be assigned
Device must show compliant status
Otherwise → Access may not be blocked.

7️⃣ Another Policy Might Override It
Remember:
🔴 If ANY policy says “Block” → Access is blocked
🟢 If multiple policies apply → ALL grant controls must be satisfied
So always review all applied policies.

🎯 My Biggest Learning
Conditional Access is not “broken” most of the time.
It simply follows logic very strictly:
User + App + Condition = Control
If one doesn’t match → Policy won’t apply.
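The "User + App + Condition = Control" rule, and how several policies combine (checks 2 to 7 above), can be written down as a small model. This is an added Python example of my own, not Microsoft's evaluation engine: the policy fields, group names, apps and sign-ins are constructed, and the per-policy result strings deliberately reuse the values the sign-in log shows so the output can be compared with the Conditional Access tab.

```python
"""Toy model of Conditional Access evaluation: User + App + Condition = Control.

Added example, not Microsoft code. Policies, groups, apps and sign-ins below are
constructed; result strings mirror the sign-in log values (notEnabled,
notApplied, success, failure, reportOnly*).
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


@dataclass
class Policy:
    name: str
    state: str                                 # "enabled", "reportOnly" or "disabled"
    grant: Set[str]                            # e.g. {"mfa"}, {"compliantDevice"}, {"block"}
    include_users: Set[str] = field(default_factory=lambda: {"All"})
    exclude_groups: Set[str] = field(default_factory=set)
    apps: Set[str] = field(default_factory=lambda: {"All"})
    platforms: Optional[Set[str]] = None       # None = no device-platform condition


@dataclass
class SignIn:
    user: str
    groups: Set[str]
    app: str
    platform: str
    satisfied: Set[str]                        # controls the user actually met, e.g. {"mfa"}


def evaluate_policy(policy: Policy, s: SignIn) -> Tuple[str, str]:
    """Return (result, reason) for one policy, checked in the order of the seven steps."""
    if policy.state == "disabled":
        return "notEnabled", "policy is Off (step 2)"
    if "All" not in policy.include_users and s.user not in policy.include_users:
        return "notApplied", "user is not in the include scope (step 3)"
    hit = policy.exclude_groups & s.groups
    if hit:
        return "notApplied", f"user is in excluded group(s) {sorted(hit)} (step 3)"
    if "All" not in policy.apps and s.app not in policy.apps:
        return "notApplied", f"policy targets {sorted(policy.apps)}, sign-in was to {s.app} (step 4)"
    if policy.platforms is not None and s.platform not in policy.platforms:
        return "notApplied", f"platform {s.platform} not in {sorted(policy.platforms)} (step 5)"
    # Assignments and conditions all matched: now the controls are evaluated.
    ok = "block" not in policy.grant and policy.grant <= s.satisfied
    if policy.state == "reportOnly":
        return ("reportOnlySuccess" if ok else "reportOnlyFailure"), "matched, report-only: nothing enforced (step 2)"
    return ("success" if ok else "failure"), "matched and enforced"


def evaluate(policies, s: SignIn) -> Dict[str, object]:
    """Combine every policy: any Block wins; otherwise all grant controls must be met (step 7)."""
    per_policy = {p.name: evaluate_policy(p, s) for p in policies}
    enforced = [p for p in policies if per_policy[p.name][0] in ("success", "failure")]
    required = set().union(*(p.grant for p in enforced))
    if "block" in required:
        decision = "blocked"
    elif required <= s.satisfied:
        decision = "allowed"
    else:
        decision = "controls_required"
    return {
        "decision": decision,
        "required_controls": required - {"block"},
        "missing_controls": (required - {"block"}) - s.satisfied,
        "per_policy": per_policy,
    }


# Constructed tenant: five policies that together reproduce the "no MFA prompt" puzzle.
POLICIES = [
    Policy("Require MFA - All users", "enabled", {"mfa"}, exclude_groups={"CA-BreakGlass"}),
    Policy("Compliant device for O365", "enabled", {"compliantDevice"}, apps={"Office 365"}),
    Policy("MFA on Windows (pilot)", "reportOnly", {"mfa"}, platforms={"Windows"}),
    Policy("Block Linux", "enabled", {"block"}, platforms={"Linux"}),
    Policy("Block legacy auth", "disabled", {"block"}),
]

# Alice is in the excluded group and signs into a different app from an iPhone.
SIGNIN_EXCLUDED = SignIn("alice@contoso.example", {"CA-BreakGlass"}, "Azure Portal", "iOS", set())
# Bob matches the MFA and compliant-device policies, but his laptop is not compliant.
SIGNIN_O365 = SignIn("bob@contoso.example", set(), "Office 365", "Windows", {"mfa"})
# Carol completes MFA, but one Block policy matches her platform.
SIGNIN_LINUX = SignIn("carol@contoso.example", set(), "Azure Portal", "Linux", {"mfa"})

if __name__ == "__main__":
    for signin in (SIGNIN_EXCLUDED, SIGNIN_O365, SIGNIN_LINUX):
        outcome = evaluate(POLICIES, signin)
        print(f"{signin.user}: {outcome['decision']}, missing={sorted(outcome['missing_controls'])}")
        for name, (result, reason) in outcome["per_policy"].items():
            print(f"  {name}: {result} - {reason}")
```

Alice's sign-in comes out as allowed with no controls at all, which is exactly the "everything looks correct but no MFA prompt" case: each policy fails a different one of the checks, so none of them applies. Bob shows why step 6 matters (MFA passed, compliance did not), and Carol shows step 7 (one Block outranks a satisfied MFA).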

📚 Why I’m Sharing This
I’m currently revising SC-300 topics and strengthening my Azure identity skills as part of my interview preparation after a career gap.
Writing these notes helps me:
Reinforce concepts
Think like a real engineer
Prepare for scenario-based interview questions
And I hope it helps someone else too 😊

🔎 Key Takeaway
If Conditional Access isn’t applying:
👉 Don’t guess.
👉 Don’t recreate the policy immediately.
👉 Start with Sign-in Logs.
