Conditional Access Microsoft 365 Perth — Explained

Conditional Access explained in plain English — how it protects your Microsoft 365 tenant and why DM1 configures it for every Perth business.

Talk to DM1 Today View Our Services

What Is Conditional Access?

Conditional Access is a Microsoft 365 security feature that controls who can access your tenant, from where, from what device, and under what conditions. In plain English: it lets you set rules like "only allow sign-in from Australia" or "require MFA unless on a managed, compliant device" or "block access from personal phones that don't have a PIN."

Conditional Access is available in Microsoft 365 Business Premium through Microsoft Entra ID. It's one of the most powerful security tools available to small businesses — and it's already included in the licence that many Perth businesses have. DM1 configures Conditional Access for every managed client.

What Can Conditional Access Do?

"Require MFA for all sign-ins"

The single most important Conditional Access policy. Even if a password is compromised, an attacker can't sign in without completing MFA on the legitimate user's phone.

"Block sign-ins from outside Australia"

For Perth businesses whose staff never work overseas, blocking all sign-in attempts from outside Australia prevents most credential-based attacks before they start.

"Require compliant devices only"

Only allow access from devices enrolled in Intune that meet your compliance policy — current OS, disk encryption, no jailbreak. Personal and unmanaged devices can be blocked.

"Block legacy authentication protocols"

Older email protocols like POP3 and IMAP don't support MFA. Conditional Access can block these protocols entirely, closing a common attacker bypass route.

"Require stronger MFA for admin accounts"

Global Admin accounts can be required to use FIDO2 security keys or certificate-based authentication — a higher bar than phone-based MFA.

"Restrict access to specific apps from specific conditions"

Allow staff to access email on personal phones but require Intune compliance to access SharePoint and Teams from the same device.

How DM1 Configures Conditional Access

Baseline Assessment

DM1 reviews your current Conditional Access policies — or the absence of them — and maps your staff devices and work patterns before applying any changes.

Apply Policies in Report-Only Mode

Before enforcing policies, DM1 runs them in report-only mode to confirm no legitimate users will be blocked. This prevents the misconfiguration issues that lock businesses out of their own tenant.

Enforce and Monitor

Once verified, policies are enforced and DM1 monitors sign-in logs for policy failures. Break-glass accounts are maintained to ensure recovery if a policy issue is ever discovered.

What DM1 Finds at New Client Onboarding

DISCOVERED DURING DM1 NEW CLIENT ONBOARDING

No Conditional Access policies — entire tenant accessible from any device anywhere

A Perth professional services firm with 12 staff had a Microsoft 365 Business Premium licence and zero Conditional Access policies configured. The tenant was accessible from any device, anywhere in the world, with just a password.

DISCOVERED DURING DM1 NEW CLIENT ONBOARDING

Conditional Access policy blocking all sign-ins — including the admin

A Perth business had misconfigured a Conditional Access policy that blocked all sign-ins. DM1 used break-glass account procedures to access the tenant and correct the policy without data loss.

DISCOVERED DURING DM1 NEW CLIENT ONBOARDING

Legacy authentication blocking MFA — attackers using SMTP relay to bypass controls

A Perth business had MFA enabled but legacy authentication allowed. An attacker was using basic SMTP authentication to access a mailbox without triggering MFA. DM1 blocked all legacy authentication protocols.

Get Conditional Access Configured Properly

DM1 configures Conditional Access for Perth businesses on Microsoft 365 Business Premium. Call (08) 6202 6012 to get your tenant properly secured.

Contact DM1 Today (08) 6202 6012