常用条件访问策略Common Conditional Access policies

安全默认值适用于某些组织,但是许多组织需要的灵活性超出了这些策略能提供的灵活性。Security defaults are great for some but many organizations need more flexibility than they offer. 例如,许多组织都需要能够从需要多重身份验证的条件访问策略中排除特定帐户,如其紧急访问帐户或不受限管理帐户。For example, many organizations need the ability to exclude specific accounts like their emergency access or break-glass administration accounts from Conditional Access policies requiring multi-factor authentication. 对于这些组织,可以使用本文中提到的常用策略。For those organizations, the common policies referenced in this article can be of use.

Azure 门户中的条件访问策略

紧急访问帐户Emergency access accounts

有关紧急访问帐户及其重要原因的详细信息,请参阅以下文章:More information about emergency access accounts and why they are important can be found in the following articles:

组织部署的典型策略Typical policies deployed by organizations

* 这四个策略一起配置时可模拟安全默认值启用的功能。* These four policies when configured together, mimic functionality enabled by security defaults.

其他策略Additional policies

后续步骤Next steps