At least one Conditional Access policy is configured to require compliant or Entra hybrid joined devices for admins

Why This Matters

Without a conditional access policy that enforces device compliance for administrative accounts, your tenant is exposed to significant risk. If an admin credential is compromised, an attacker could access critical systems from any unmanaged or non compliant device, bypassing essential security controls. This check ensures you have a baseline guardrail in place to protect your privileged access.

What Aether365 Checks

Aether365 verifies that at least one conditional access policy is configured in your Microsoft 365 tenant to require compliant devices or Entra hybrid joined devices for admin accounts. This check appears in your Aether365 dashboard under the microsoft-365 service category.

Microsoft references

CATemplatesAdminDevices

At least one Conditional Access policy is configured to require compliant or Entra hybrid joined devices for admins ​

Why This Matters ​

What Aether365 Checks ​

Microsoft references ​

At least one Conditional Access policy is configured to require compliant or Entra hybrid joined devices for admins

Why This Matters

What Aether365 Checks

Microsoft references