Commit 8f66d57

Merge pull request #217215 from MicrosoftGuyJFlo/IdentiyProtectionDeploymentPlan
[Azure AD] Identity Protection - Deployment Plan
2 parents cb9f489 + 26089da commit 8f66d57

19 files changed, +246 -125 lines changed

articles/active-directory/conditional-access/concept-conditional-access-policy-common.md

Lines changed: 1 addition & 0 deletions
@@ -71,6 +71,7 @@ Organizations can select individual policy templates and:
7171
- [Block access by location](howto-conditional-access-policy-location.md)
7272
- [Block access except specific apps](howto-conditional-access-policy-block-access.md)
7373

74+
## User exclusions
7475
[!INCLUDE [active-directory-policy-exclusions](../../../includes/active-directory-policy-exclude-user.md)]
7576

7677
## Next steps
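
Review bot: At new line 74 the `## User exclusions` heading is followed directly by the `[!INCLUDE ...]` line at 75 with no blank line between them. Add a blank line after the heading, and confirm that `active-directory-policy-exclude-user.md` does not open with a heading of its own, otherwise the rendered page will carry two headings for the same section. The same heading-then-include pattern repeats in the other files shown in this commit.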

articles/active-directory/conditional-access/howto-conditional-access-policy-admin-mfa.md

Lines changed: 1 addition & 0 deletions
@@ -38,6 +38,7 @@ Microsoft recommends you require MFA on the following roles at a minimum, based
3838

3939
Organizations can choose to include or exclude roles as they see fit.
4040

41+
## User exclusions
4142
[!INCLUDE [active-directory-policy-exclusions](../../../includes/active-directory-policy-exclude-user.md)]
4243

4344
[!INCLUDE [active-directory-policy-deploy-template](../../../includes/active-directory-policy-deploy-template.md)]
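
Review bot: With the heading added at new line 41, the `active-directory-policy-deploy-template` include at line 44 now falls inside the "User exclusions" section unless that include supplies its own heading. Check the rendered page; if the deployment steps end up nested under exclusions, add a heading before line 44. It would also help to separate this section from the preceding sentence about including or excluding roles, since the page now covers role scoping and user exclusions back to back.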

articles/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa.md

Lines changed: 1 addition & 0 deletions
@@ -23,6 +23,7 @@ As Alex Weinert, the Directory of Identity Security at Microsoft, mentions in hi
2323
2424
The guidance in this article will help your organization create an MFA policy for your environment.
2525

26+
## User exclusions
2627
[!INCLUDE [active-directory-policy-exclusions](../../../includes/active-directory-policy-exclude-user.md)]
2728

2829
## Application exclusions
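
Review bot: The hunk header context for this file reads "As Alex Weinert, the Directory of Identity Security at Microsoft", where "Directory" should be "Director". It sits outside the changed lines, but the file is being touched anyway, so fix it in the same pass. The new heading at line 26 is named consistently with `## Application exclusions` at line 29.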

articles/active-directory/conditional-access/howto-conditional-access-policy-azure-management.md

Lines changed: 1 addition & 0 deletions
@@ -31,6 +31,7 @@ These tools can provide highly privileged access to resources that can make the
3131

3232
To protect these privileged resources, Microsoft recommends requiring multifactor authentication for any user accessing these resources. In Azure AD, these tools are grouped together in a suite called [Microsoft Azure Management](concept-conditional-access-cloud-apps.md#microsoft-azure-management). For Azure Government, this suite should be the Azure Government Cloud Management API app.
3333

34+
## User exclusions
3435
[!INCLUDE [active-directory-policy-exclusions](../../../includes/active-directory-policy-exclude-user.md)]
3536

3637
[!INCLUDE [active-directory-policy-deploy-template](../../../includes/active-directory-policy-deploy-template.md)]

articles/active-directory/conditional-access/howto-conditional-access-policy-block-access.md

Lines changed: 1 addition & 0 deletions
@@ -24,6 +24,7 @@ For organizations with a conservative cloud migration approach, the block all po
2424
2525
Policies like these can have unintended side effects. Proper testing and validation are vital before enabling. Administrators should utilize tools such as [Conditional Access report-only mode](concept-conditional-access-report-only.md) and [the What If tool in Conditional Access](what-if-tool.md) when making changes.
2626

27+
## User exclusions
2728
[!INCLUDE [active-directory-policy-exclusions](../../../includes/active-directory-policy-exclude-user.md)]
2829

2930
## Create a Conditional Access policy

articles/active-directory/conditional-access/howto-conditional-access-policy-compliant-device-admin.md

Lines changed: 1 addition & 0 deletions
@@ -42,6 +42,7 @@ Microsoft recommends you require enable this policy for the following roles at a
4242

4343
Organizations can choose to include or exclude roles as they see fit.
4444

45+
## User exclusions
4546
[!INCLUDE [active-directory-policy-exclusions](../../../includes/active-directory-policy-exclude-user.md)]
4647

4748
[!INCLUDE [active-directory-policy-deploy-template](../../../includes/active-directory-policy-deploy-template.md)]
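
Review bot: The sentence shown in the hunk header, "Microsoft recommends you require enable this policy for the following roles", has a doubled verb ("require enable"). It is not part of this change, but it introduces the role list that leads into the new section at line 45, so drop one of the two verbs while editing this file.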

articles/active-directory/conditional-access/howto-conditional-access-policy-compliant-device.md

Lines changed: 1 addition & 0 deletions
@@ -28,6 +28,7 @@ Policy compliance information is sent to Azure AD where Conditional Access decid
2828

2929
Requiring a hybrid Azure AD joined device is dependent on your devices already being hybrid Azure AD joined. For more information, see the article [Configure hybrid Azure AD join](../devices/howto-hybrid-azure-ad-join.md).
3030

31+
## User exclusions
3132
[!INCLUDE [active-directory-policy-exclusions](../../../includes/active-directory-policy-exclude-user.md)]
3233

3334
[!INCLUDE [active-directory-policy-deploy-template](../../../includes/active-directory-policy-deploy-template.md)]

articles/active-directory/conditional-access/howto-policy-app-enforced-restriction.md

Lines changed: 1 addition & 0 deletions
@@ -19,6 +19,7 @@ ms.collection: M365-identity-device-management
1919

2020
Block or limit access to SharePoint, OneDrive, and Exchange content from unmanaged devices.
2121

22+
## User exclusions
2223
[!INCLUDE [active-directory-policy-exclusions](../../../includes/active-directory-policy-exclude-user.md)]
2324

2425
[!INCLUDE [active-directory-policy-deploy-template](../../../includes/active-directory-policy-deploy-template.md)]

articles/active-directory/conditional-access/howto-policy-guest-mfa.md

Lines changed: 1 addition & 0 deletions
@@ -19,6 +19,7 @@ ms.collection: M365-identity-device-management
1919

2020
Require guest users perform multifactor authentication when accessing your organization's resources.
2121

22+
## User exclusions
2223
[!INCLUDE [active-directory-policy-exclusions](../../../includes/active-directory-policy-exclude-user.md)]
2324

2425
[!INCLUDE [active-directory-policy-deploy-template](../../../includes/active-directory-policy-deploy-template.md)]
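
Review bot: The description at line 20, "Require guest users perform multifactor authentication", is missing "to" before "perform". It is unchanged context, but it is the only prose above the new `## User exclusions` heading at line 22, so correct it here. Since this policy targets guest users, also confirm that the shared exclusion include reads sensibly on a guest-scoped page.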

articles/active-directory/conditional-access/howto-policy-persistent-browser-session.md

Lines changed: 1 addition & 0 deletions
@@ -19,6 +19,7 @@ ms.collection: M365-identity-device-management
1919

2020
Protect user access on unmanaged devices by preventing browser sessions from remaining signed in after the browser is closed and setting a sign-in frequency to 1 hour.
2121

22+
## User exclusions
2223
[!INCLUDE [active-directory-policy-exclusions](../../../includes/active-directory-policy-exclude-user.md)]
2324

2425
[!INCLUDE [active-directory-policy-deploy-template](../../../includes/active-directory-policy-deploy-template.md)]
