In case you don’t remember what is all about Azure AD Conditional Access, I suggest that you click here to take a look at the previous articles in my blog that deal with this.
Let’s talk about a new feature that was announced to be in Public Preview, the so called “What If” tool for Conditional Access. This tool will let you understand the impact of a Conditional Access Policy on a user sign-in, under conditions that you specify. Do you remember the on-premises Group Policy Modeling console? Well, it should give you similar results, meaning you can see how the policies will be applied to a user, rather than waiting for the user to tell you (and complain in some cases…).
So let’s see how it works:
Go to the Azure Portal, and select Azure AD Conditional Access, then click on What If:
Select the user you want to test and optionally select app, IP address, device platforms, client app, sign-in risk, and then click on the blue What If button:
And these are the results that you get:
Which policies WIIL NOT apply? This is helpful when you want to know the reason when a policy is not applied:
Want to learn more about the What If tool? Click here to go to the related Microsoft Docs article.