Skip to content

Enterprise Mobility + Security


Hi folks,

Azure AD Conditional Access (CA) has really taken off. Organizations around the world are using it to ensure secure, compliant access to applications. Every month, Conditional Access is now used to protect over 10K organizations and over 10M active users! It’s amazing to see how quickly our customers have put it to work!

We’ve received lot of feedback about the user impact of Conditional Access. Specifically, with this much power at your fingertips, you need a way to see how CA policies will impact a user under various sign-in conditions.

We heard you, and today I am happy to announce the public preview of the “What If” tool for Conditional Access. The What If tool helps you understand the impact of the policies on a user sign-in, under conditions you specify. Rather than waiting to hear from your user about what happened, you can simply use the What If tool.

Get started

Ready to start playing with the tool? You can simply follow these steps:

  • Go to Azure AD Conditional access
  • Click on What If

  • Select the user you want to test

  • [Optional] Select app, IP address, device platforms, client app, sign-in risk as needed
  • Click on “What If” and view the policies that will impact the user sign-in

Sometimes the question that you’re trying to answer is not “What policies will apply” but “Why is a policy not applying?” The tool can help you with that too! Switch to the “Policies that will not apply” tab and you can view the policy name and, more importantly, the reason why a policy didn’t apply. Isn’t that cool?

Want to learn more about the What If tool?

Tell us what you think

This is just a start. We’re already working to deliver more innovation in this area. As always, we’d love to hear any feedback or suggestions you have on this preview, or anything about Azure AD Conditional Access. We’ve even created a short survey on the What If tool for you to participate in.

We look forward to hearing from you!

Best regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division