Enabling Report-Only Conditional Access Policies [CHK-1173]
Attic identifies and creates rules in Conditional Access in report-only mode for evaluation before switching them to blocking mode.
Rationale
This check is there so you do not forget to set these rules to blocking mode. Otherwise the conditional access policies will not function.
Fix
Manual steps:
- Navigate to the Entra admin center.
- Open Conditional Access Policies.
- Select the policy you want to evaluate and click the "view impact" button to see which users are affected.
- If the impact is acceptable, proceed to step 6.
- If the impact is unacceptable, create exceptions in the policy, such as excluding the user or device in question.
- Enable the policy by clicking the "enable" button.
Impact
Enabling the policy activates its preventive effect, enhancing the security of your system.
More Information
For more details, visit Microsoft's guide on Conditional Access exclusion.