Require terms of use to be accepted before accessing Microsoft Admin Portals
Organizations might want to require users to accept terms of use (ToU) before accessing certain applications in their environment. This example helps you create a policy requiring terms of use to be accepted as part of the initial sign in process for administrators who access any of the Microsoft Admin Portals.
Create your terms of use
This section provides you with the steps to create a sample terms of use document. When you create a terms of use document, you select a value for Enforce with Conditional Access policy templates. Selecting Custom policy opens a dialog to create a new Conditional Access policy as soon as your terms of use is created.
- Create a new terms of use document and save it as a PDF file.
- Sign in to the Azure portal as a Conditional Access Administrator, Security Administrator, or a Global Administrator.
- Browse to Microsoft Entra ID > Security > Conditional Access > Terms of use.
- In the menu on the top, select New terms.
- In the Name textbox, provide a name for your terms of use policy.
- Upload your terms of use PDF file.
- Select your default language.
- In the Display name textbox, type the name you want to be displayed.
- For Require users to expand the terms of use, select On.
- For Enforce with Conditional Access policy templates, select Custom policy.
- Select Create.
Create a Conditional Access policy
This section shows how to create the required Conditional Access policy.
To configure your Conditional Access policy:
- Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.
- Under Assignments, select Users or workload identities.
- Under Include, select All users.
- Under Exclude, select Users and groups and choose your organization's emergency access or break-glass accounts.
- Under Target resources > Cloud apps, select the following options:
- Under Include, choose Select apps.
- Select Microsoft Admin Portals, and then choose Select.
- Under Access controls, select Grant.
- Select Grant access.
- Select the terms of use you created previously called and choose Select.
- Confirm your settings and set Enable policy to Report-only.
- Select Create to create to enable your policy.
After administrators confirm the settings using report-only mode, they can move the Enable policy toggle from Report-only to On.
Test your Conditional Access policy
In the previous section, you created a Conditional Access policy requiring terms of use be accepted when accessing any of the Microsoft Admin Portals.
To test your policy, try to sign in to the Microsoft Entra admin center using a test account. You should see a dialog that requires you to accept your terms of use.