Conditional Access is where identity decisions turn into day-to-day reality. And it’s also where perfectly reasonable changes can lock out executives, break device rollout, or create a pile of "temporary" exclusions that never go away.

In this session we’ll build a small, production-ready Conditional Access policy set for a modern Microsoft 365 tenant. We’ll separate interactive users from admins, define an emergency access (break-glass) strategy, and apply strong authentication where it matters using authentication strengths. We’ll also cover the knobs that make policies behave predictably in real environments including device filters and compliant device requirements, location patterns (named locations and trusted networks), and how risk signals change the story.

You’ll leave with a rollout approach that avoids surprises. The goal isn’t more policies, it’s fewer policies that you can explain, audit, and operate.