Conditional Access Microsoft 365 Perth: Explained

Conditional Access explained in plain English: how it protects your Microsoft 365 tenant and why DM1 configures it for every Perth business.

Talk to DM1 TodayView Our Services

What Is Conditional Access?

Conditional Access is a Microsoft 365 security feature that controls who can access your tenant, from where, from what device, and under what conditions. In plain English: it lets you set rules like "only allow sign-in from Australia" or "require MFA unless on a managed, compliant device" or "block access from personal phones that don't have a PIN."

Conditional Access is available in Microsoft 365 Business Premium through Microsoft Entra ID. It's one of the most powerful security tools available to small businesses, and it's already included in the licence that many Perth businesses have. DM1 configures Conditional Access for every managed client.

What Can Conditional Access Do?

Require MFA for all sign-ins

The single most important Conditional Access policy. Even if a password is compromised, an attacker can't sign in without completing MFA on the legitimate user's phone.

Block sign-ins from outside Australia

For Perth businesses whose staff never work overseas, blocking all sign-in attempts from outside Australia prevents most credential-based attacks before they start.

Require compliant devices only

Only allow access from devices enrolled in Intune that meet your compliance policy: current OS, disk encryption, no jailbreak. Personal and unmanaged devices can be blocked.

Block legacy authentication protocols

Older email protocols like POP3 and IMAP don't support MFA. Conditional Access can block these protocols entirely, closing a common attacker bypass route.

Require stronger MFA for admin accounts

Global Admin accounts can be required to use FIDO2 security keys or certificate-based authentication, a higher bar than phone-based MFA.

Restrict access to specific apps from specific conditions

Allow staff to access email on personal phones but require Intune compliance to access SharePoint and Teams from the same device.

How DM1 Configures Conditional Access

1

Baseline Assessment

DM1 reviews your current Conditional Access policies, or the absence of them, and maps your staff devices and work patterns before applying any changes.

2

Apply Policies in Report-Only Mode

Before enforcing policies, DM1 runs them in report-only mode to confirm no legitimate users will be blocked. This prevents the misconfiguration issues that lock businesses out of their own tenant.

3

Enforce and Monitor

Once verified, policies are enforced and DM1 monitors sign-in logs for policy failures. Break-glass accounts are maintained to ensure recovery if a policy issue is ever discovered.

What DM1 Finds at New Client Onboarding

DISCOVERED DURING DM1 NEW CLIENT ONBOARDING

No Conditional Access policies, entire tenant accessible from any device anywhere

A Perth professional services firm with 12 staff had a Microsoft 365 Business Premium licence and zero Conditional Access policies configured. The tenant was accessible from any device, anywhere in the world, with just a password.

DISCOVERED DURING DM1 NEW CLIENT ONBOARDING

Conditional Access policy blocking all sign-ins, including the admin

A Perth business had misconfigured a Conditional Access policy that blocked all sign-ins. DM1 used break-glass account procedures to access the tenant and correct the policy without data loss.

DISCOVERED DURING DM1 NEW CLIENT ONBOARDING

Legacy authentication blocking MFA, attackers using SMTP relay to bypass controls

A Perth business had MFA enabled but legacy authentication allowed. An attacker was using basic SMTP authentication to access a mailbox without triggering MFA. DM1 blocked all legacy authentication protocols.

Related Microsoft 365 Security Topics

Conditional Access works alongside the rest of the Microsoft 365 security stack DM1 configures and manages.

Microsoft Entra ID

The cloud identity service that Conditional Access policies sit on top of.

Read more →

Microsoft Defender for Business

Endpoint security that detects ransomware, malware, and credential theft on Windows, Mac, and mobile devices.

Read more →

Microsoft Intune

Device management that enforces compliance and pushes settings to your fleet.

Read more →

Essential Eight Perth

The eight Australian cyber security strategies every business should aim to implement.

Read more →

Privacy Act Compliance

What Australian businesses need to do under the Privacy Act 1988.

Read more →

Notifiable Data Breach

What the Privacy Act requires when personal information is exposed.

Read more →

Microsoft 365 Data Backup

Microsoft retains your data, but the responsibility for backup is yours.

Read more →

Cyber Security Perth

DM1's overview of the security layers protecting your Microsoft 365 tenant.

Read more →

Microsoft 365 Perth

The full Microsoft 365 platform DM1 configures and manages for Perth businesses.

Read more →

Get Conditional Access Configured Properly

DM1 configures Conditional Access for Perth businesses on Microsoft 365 Business Premium. Call (08) 6202 6012 to get your tenant properly secured.

Contact DM1 Today(08) 6202 6012
Need IT help? Chat with us
DM1
DM1 Assistant
Perth IT Support Guide
Scroll to Top