Lukas Beran
Senior Security Researcher (DART) @Microsoft. Opinions are my own. #MSIncidentResponse #DART #Microsoft365 #EntraID #DefenderXDR #Sentinel
Feb 18 4 tweets 1 min read
𝐇𝐨𝐰 𝐂𝐨𝐧𝐝𝐢𝐭𝐢𝐨𝐧𝐚𝐥 𝐀𝐜𝐜𝐞𝐬𝐬 𝐏𝐨𝐥𝐢𝐜𝐢𝐞𝐬 𝐀𝐫𝐞 𝐄𝐯𝐚𝐥𝐮𝐚𝐭𝐞𝐝 𝐢𝐧 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐄𝐧𝐭𝐫𝐚 𝐈𝐃

Understanding how Conditional Access policies are evaluated in Entra ID is absolutely essential if you are involved in their creation or management.

I often encounter fundamental misunderstandings regarding how the evaluation of Conditional Access policies takes place. Many administrators are accustomed to systems like firewalls, where there is an order or priority for evaluating created rules.
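As an added illustration of the point above (this is example code, not part of Lukas Beran's thread), the following toy evaluator models Conditional Access the way Entra ID documents it rather than the way a firewall works: there is no rule order or priority, every enabled policy whose assignments match the sign-in applies, a block in any matching policy wins, and otherwise the sign-in must satisfy the grant controls of every matching policy combined. The policy names, users, apps and sign-in fields are constructed for illustration; real policies carry many more conditions (sign-in risk, locations, client apps, session controls) and a "require one of the selected controls" mode that this model leaves out.

```python
"""Toy model of how Entra ID evaluates Conditional Access policies.

Added example, not code from the thread above. Unlike a firewall ruleset there
is no policy order or priority: every enabled policy whose assignments match the
sign-in applies, a 'block' in any matching policy wins, and otherwise the
sign-in must satisfy the grant controls of ALL matching policies. Policy names,
user names and sign-in fields are constructed for illustration; a real policy
has many more conditions (risk, locations, client apps, session controls) and a
'require one of the selected controls' mode that is not modelled here.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class Policy:
    name: str
    users: Set[str]                       # user IDs, or {"All"}
    apps: Set[str]                        # app names, or {"All"}
    exclude_users: Set[str] = field(default_factory=set)
    platforms: Optional[Set[str]] = None  # None = condition not configured
    grant: str = "grant"                  # "grant" or "block"
    controls: Set[str] = field(default_factory=set)  # e.g. {"mfa", "compliantDevice"}
    enabled: bool = True


@dataclass
class SignIn:
    user: str
    app: str
    platform: str
    satisfied: Set[str]  # controls already satisfied in this session


def applies(p: Policy, s: SignIn) -> bool:
    """A policy applies only when every configured assignment matches."""
    if not p.enabled or s.user in p.exclude_users:
        return False
    if "All" not in p.users and s.user not in p.users:
        return False
    if "All" not in p.apps and s.app not in p.apps:
        return False
    if p.platforms is not None and s.platform not in p.platforms:
        return False
    return True


def evaluate(policies: List[Policy], s: SignIn) -> Tuple[str, List[str]]:
    """Return (decision, detail); decision is "block", "challenge" or "allow"."""
    matched = [p for p in policies if applies(p, s)]
    blockers = sorted(p.name for p in matched if p.grant == "block")
    if blockers:                      # any block wins, regardless of list position
        return "block", blockers
    required: Set[str] = set()
    for p in matched:                 # grant controls accumulate across all matches
        required |= p.controls
    missing = sorted(required - s.satisfied)
    if missing:
        return "challenge", missing
    return "allow", sorted(p.name for p in matched)


# Constructed policy set; the block policy is deliberately listed last.
POLICIES = [
    Policy("Require MFA for all users", {"All"}, {"All"}, controls={"mfa"}),
    Policy("Require compliant device for Exchange", {"All"}, {"Exchange Online"},
           exclude_users={"breakglass"}, controls={"compliantDevice"}),
    Policy("Block Linux", {"All"}, {"All"}, platforms={"Linux"}, grant="block"),
]

if __name__ == "__main__":
    s = SignIn("alice", "Exchange Online", "Windows", satisfied={"mfa"})
    print(evaluate(POLICIES, s))                  # ('challenge', ['compliantDevice'])
    print(evaluate(list(reversed(POLICIES)), s))  # identical: order is irrelevant
```

Reversing the policy list changes nothing, which is the practical takeaway: you cannot "move a policy up" to make it win, you can only narrow assignments, add exclusions, or make a policy more restrictive.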
Feb 16, 2023 5 tweets 3 min read
Do you know how authentication works in #AzureAD? The purpose of #authentication is to verify that we really are who we say we are. But how is it possible that our login remains active even if we close the browser? Let's take a look at how tokens work in Azure AD. [1/5]

After a successful authentication, Azure AD issues a set of #tokens. An access token defaults to one hour and grants the user access to a single resource. If a user accesses multiple resources, they will have multiple access tokens. [2/5]
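To make the two properties in tweet 2 concrete (this is an added example, not code from the thread), the snippet below builds a constructed, unsigned JWT shaped like an Entra access token and then reads back the `aud` claim (the single resource the token is for) and `exp - iat` (its lifetime, 3600 seconds by default). The tenant ID, user, scope and signature are placeholders. The decoder deliberately does not verify the signature; a real relying party must validate it against the tenant's published signing keys before trusting any claim.

```python
"""Inspect an Azure AD / Entra ID access token's audience and lifetime.

Added example, not code from the thread above. An access token is a JWT whose
'aud' claim names the single resource it is valid for and whose 'exp' - 'iat'
gives its lifetime (one hour by default). The token built here carries a
placeholder signature purely for illustration; inspect_token() decodes claims
but does NOT verify the signature, which a real relying party must do against
the tenant's published signing keys before trusting anything in the token.
"""
import base64
import json
import time
from typing import Dict, Optional

DEFAULT_LIFETIME = 3600  # default access-token lifetime in seconds


def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_demo_token(aud: str, iat: int, lifetime: int = DEFAULT_LIFETIME) -> str:
    """Build a constructed, unsigned token shaped like an Entra access token."""
    header = {"typ": "JWT", "alg": "RS256", "kid": "demo-key"}  # constructed
    claims = {
        "aud": aud,                                                # one resource per token
        "iss": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",  # placeholder tenant
        "iat": iat, "nbf": iat, "exp": iat + lifetime,
        "upn": "alice@example.com", "scp": "User.Read",            # constructed
    }
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(claims).encode()),
        "placeholder-signature",                                   # not a real signature
    ])


def inspect_token(token: str, now: Optional[int] = None) -> Dict:
    """Decode (WITHOUT verifying) and summarise audience and lifetime."""
    now = int(time.time()) if now is None else now
    _header, claims_b64, _sig = token.split(".")
    claims = json.loads(_b64url_decode(claims_b64))
    return {
        "aud": claims["aud"],
        "lifetime_seconds": claims["exp"] - claims["iat"],
        "remaining_seconds": claims["exp"] - now,
        "expired": now >= claims["exp"],
    }


def usable_for(token: str, resource: str, now: Optional[int] = None) -> bool:
    """True only if the token targets this resource and has not expired.

    A token issued for Microsoft Graph is useless against SharePoint even while
    it is still valid: one access token, one resource.
    """
    info = inspect_token(token, now)
    return info["aud"] == resource and not info["expired"]


if __name__ == "__main__":
    t = make_demo_token("https://graph.microsoft.com", iat=1_700_000_000)
    print(inspect_token(t, now=1_700_000_600))
    print(usable_for(t, "https://contoso.sharepoint.com", now=1_700_000_600))  # False
```

The `usable_for` check is the reason a user who touches Graph, Exchange and SharePoint ends up holding several access tokens: each one is bound to its own audience and is renewed independently from the refresh token when its hour is up.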
Feb 13, 2023 4 tweets 2 min read
#OrganizationalUnits (OU) are a way to assign permissions to only certain parts of the organization in on-prem #ActiveDirectory. Very often it is undesirable for admins to have permissions over the entire organization. But how to achieve this in Azure AD? [1/4]

For a long time, this was not possible, and companies wanted some equivalent of OUs. That's why in Azure AD we have #AdministrativeUnits (AU), which is the equivalent of organizational units from Active Directory. [2/4]