You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/conditional-access/workload-identity.md
+7-3Lines changed: 7 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ services: active-directory
6
6
ms.service: active-directory
7
7
ms.subservice: conditional-access
8
8
ms.topic: how-to
9
-
ms.date: 03/04/2022
9
+
ms.date: 03/22/2022
10
10
11
11
ms.author: joflore
12
12
author: MicrosoftGuyJFlo
@@ -51,7 +51,7 @@ Create a location based Conditional Access policy that applies to service princi
51
51
1. Under **Cloud apps or actions**, select **All cloud apps**. The policy will apply only when a service principal requests a token.
52
52
1. Under **Conditions** > **Locations**, include **Any location** and exclude **Selected locations** where you want to allow access.
53
53
1. Under **Grant**, **Block access** is the only available option. Access is blocked when a token request is made from outside the allowed range.
54
-
1.Your policy can be saved in **Report-only**mode, allowing administrators to estimate the effects, or policy is enforced by turning policy**On**.
54
+
1.Set **Enable policy**to**On**.
55
55
1. Select **Create** to complete your policy.
56
56
57
57
### Create a risk-based Conditional Access policy
@@ -73,9 +73,13 @@ Create a location based Conditional Access policy that applies to service princi
73
73
1. Select the levels of risk where you want this policy to trigger.
74
74
1. Select **Done**.
75
75
1. Under **Grant**, **Block access** is the only available option. Access is blocked when a token request is made from outside the allowed range.
76
-
1.Your policy can be saved in **Report-only**mode, allowing administrators to estimate the effects, or policy is enforced by turning policy**On**.
76
+
1.Set **Enable policy**to**On**.
77
77
1. Select **Create** to complete your policy.
78
78
79
+
#### Report-only mode
80
+
81
+
Saving your policy in Report-only mode won't allow administrators to estimate the effects because we don't currently log this risk information in sign-in logs.
82
+
79
83
## Roll back
80
84
81
85
If you wish to roll back this feature, you can delete or disable any created policies.
0 commit comments