CA Policy Analyzer

This report shows CA policies for important categories. In contrast to the What-If Checker Report it's not using the CA What-If simulator, but rather generically groups existing policies for certain use cases

All CA Policies

Target All Resources (All Cloud Apps)

Users Instead Of Groups

Block WI in Untrusted Networks - NOT IMPLEMENTED

Blocking Policies

Exclusions

Multiple Requirements w/ OR Grant

User Actions

Network

Policies Targeting Networks

Conditions

Device Platforms

Device Platform Blocks

Target Legacy Authentication

User Risk

Sign-In Risk

Insider Risk

Device Filter

Auth Flows

Grant Controls

App Protection Policies

Approved Client App

Authentication Strength

Compliant Device

Hybrid Join

Mfa

Mfa AllUsers AllResources

Password Change

Display Name	Target Resources	Excluded Resources	Included Users	Included Groups	Excluded Users	Excluded Groups	Grant Controls	State
Multifactor authentication for Microsoft partners and vendors	All	None	All	None	None	None	Mfa	Enabled
Report Test - STAY OFF	MicrosoftAdminPortals Office365	None	8075e657-6f56-48b2-bd34-61bb2aeecc90 9d6ddf22-fb48-45da-875e-792840d2e049	None	285c668d-1a88-44a5-93a6-d1e0d17365b2	None	Requires All Controls Mfa ApprovedApplication	Disabled
blocking test policy	All	None	9d6ddf22-fb48-45da-875e-792840d2e049 7c1a1766-d514-40ef-9bf8-c63799d6bcc9	242695e2-be48-49a3-ad36-d7ff3aee99ef	None	None	Block	EnabledForReportingButNotEnforced
blocking platforms - Alex Wilber	All	None	7c1a1766-d514-40ef-9bf8-c63799d6bcc9	None	None	None	Block	Enabled
Alex Wilber test policy - require MFA	All	None	7c1a1766-d514-40ef-9bf8-c63799d6bcc9	None	5e47ca4c-e62e-4439-b230-51ebe71d96ec	f945ef19-81aa-4c97-8f15-b2ea037123d7	Mfa	Enabled
Alex Wilber test policy - require compliant device	All	None	7c1a1766-d514-40ef-9bf8-c63799d6bcc9	None	None	None	Requires Only One Control CompliantDevice ApprovedApplication	Enabled
Block Legacy authentication clients	All	None	All	None	285c668d-1a88-44a5-93a6-d1e0d17365b2	None	Block	Enabled
ALL users require MFA	None	None	All	None	None	None	Mfa	Enabled
user risk test	All	None	7c1a1766-d514-40ef-9bf8-c63799d6bcc9	None	None	None	Block	Enabled
Sign-in Risk	All	None	7c1a1766-d514-40ef-9bf8-c63799d6bcc9	None	None	None	Block	Enabled
Insider risk	All	None	7c1a1766-d514-40ef-9bf8-c63799d6bcc9	None	None	None	Block	Enabled
multiple grant requirements OR control	None	None	4235619a-1fbb-47c8-a6a4-856d558d776a	None	None	None	Requires Only One Control Mfa CompliantDevice DomainJoinedDevice ApprovedApplication	EnabledForReportingButNotEnforced
multiple grants AND control	None	None	8075e657-6f56-48b2-bd34-61bb2aeecc90	None	None	None	Requires All Controls Mfa CompliantDevice	EnabledForReportingButNotEnforced
all users all resources test	All	None	All	None	285c668d-1a88-44a5-93a6-d1e0d17365b2	None	Mfa	EnabledForReportingButNotEnforced
require authentication strengh	All	None	bcd398cd-8ce7-4a9d-a8df-85babea26e35	None	None	None	None	Enabled
require app control policies	All	None	7c1a1766-d514-40ef-9bf8-c63799d6bcc9	None	None	None	CompliantApplication	EnabledForReportingButNotEnforced
approved application	All	None	7c1a1766-d514-40ef-9bf8-c63799d6bcc9	None	None	None	ApprovedApplication	EnabledForReportingButNotEnforced
require hybrid join	All	None	7c1a1766-d514-40ef-9bf8-c63799d6bcc9	None	None	None	DomainJoinedDevice	EnabledForReportingButNotEnforced
password change	All	None	7c1a1766-d514-40ef-9bf8-c63799d6bcc9	None	None	None	PasswordChange	EnabledForReportingButNotEnforced
filtered devices	All	None	7c1a1766-d514-40ef-9bf8-c63799d6bcc9	None	None	None	Mfa	EnabledForReportingButNotEnforced
Authentication flows	All	None	7c1a1766-d514-40ef-9bf8-c63799d6bcc9	None	None	None	Mfa	EnabledForReportingButNotEnforced
networks test all locations	All	None	7c1a1766-d514-40ef-9bf8-c63799d6bcc9	None	None	None	Mfa	EnabledForReportingButNotEnforced
Use app enforced restrictions	Office365	None	7c1a1766-d514-40ef-9bf8-c63799d6bcc9	None	None	None	None	EnabledForReportingButNotEnforced
Conditional Access App Control	All	None	7c1a1766-d514-40ef-9bf8-c63799d6bcc9	None	None	None	None	EnabledForReportingButNotEnforced
Sign-in frequency	All	None	7c1a1766-d514-40ef-9bf8-c63799d6bcc9	None	None	None	None	EnabledForReportingButNotEnforced
Persistent browser session	All	None	7c1a1766-d514-40ef-9bf8-c63799d6bcc9	None	None	None	None	EnabledForReportingButNotEnforced
Disable resilience defaults	All	None	7c1a1766-d514-40ef-9bf8-c63799d6bcc9	None	None	None	None	EnabledForReportingButNotEnforced
Require token protection for sign-in sessions	00000002-0000-0ff1-ce00-000000000000	None	None	None	None	None	None	EnabledForReportingButNotEnforced
reegister security information	None	None	7c1a1766-d514-40ef-9bf8-c63799d6bcc9	None	None	None	Requires All Controls Mfa CompliantDevice	Enabled
Register or join devices	None	None	7c1a1766-d514-40ef-9bf8-c63799d6bcc9	None	None	None	Mfa	Enabled