This week on SysAdmin Weekly, Andy is joined by regular co-host Paul Schnackenburg for a deep dive into Conditional Access, the cloud-era identity firewall you could say? and a cornerstone of Zero Trust security in Microsoft 365 and the Microsoft Cloud.

We cover everything from the basics of conditional access policies to the nuances of break-glass accounts, layered policies, and how to avoid locking yourself (and your entire org) out of Entra ID. Along the way, we touch on Microsoft’s security defaults, authentication strengths, and the role of risky sign-ins and user risk detection in identity protection.

Paul and Andy also share war stories from the trenches: configuring fresh tenants, wrangling MFA requirements, and learning why documentation and backups of your conditional access policies matter more than ever. Plus, there’s plenty of SysAdmin banter on Intel’s decline, ARM’s dominance, and even foldable phones!

If you’ve ever wondered how to design policies without creating chaos or how to modernize your security controls without overwhelming your users, this is the episode is for you.

Episode Resources

- SysAdmin Weekly Companion Newsletter

- AndyOnTech

- Project Runspace

- Microsoft Security Defaults Overview

- Microsoft Entra Conditional Access Documentation

- Microsoft Identity Protection (Risky Sign-ins & Users)

- Authentication Strengths in Entra ID

- Meister.dev – Conditional Access Testing Tool

- Meryl Fernando’s Conditional Access Documentation Tool

- Podcast with Tarek Dawoud on Entra ID Architecture