Over the past years, I’ve been maintaining a Conditional Access baseline that organizations can use as a starting point when implementing or reviewing their own Conditional Access policies in Microsoft Entra ID. The latest version, v2025-10 (October 2025), is now available on GitHub: 👉 https://github.com/kennethvs/cabaseline202510 This baseline contains a collection of policies that together form a…
Category: Entra
Configuring Conditional Access for Guest Users: Allowing Only Office 365 and Essential Apps
Introduction: Configuring Conditional Access (CA) for guest users can be challenging when you want to strictly limit access to Office 365 and a few essential Microsoft services. Many Entra administrators have encountered scenarios where applying a “block all resources” policy breaks necessary functionality such as managing authentication methods, accepting invitations, or accessing user profile pages….
Comparing Web Filtering and Security: Microsoft Entra Internet Access (Global Secure Access) vs. Microsoft Defender for Endpoint (MDE)
Organizations face increasing challenges in securing internet traffic and enforcing web access policies in today’s hybrid work environment. Two key tools from Microsoft, Microsoft Entra Internet Access (Global Secure Access) and Microsoft Defender for Endpoint (MDE), offer robust capabilities for managing security and productivity on the endpoint. This article provides an in-depth comparison between the…
Navigating New Authentication Methods: SMS for Password Reset, Not for MFA
With the introduction of a converged policy combining settings from the legacy MFA portal and SSPR configuration, separating the use of SMS for password resets from its use as an MFA method has become challenging. This guide explains how to configure authentication policies effectively using authentication strengths in Microsoft Entra to address this issue. …