The What If<\/strong> tool provides a way to quickly determine the policies that apply to a specific user. You can use the information, for example, if you need to troubleshoot an issue.<\/p>\n\n\n\n https:\/\/www.youtube-nocookie.com\/embed\/M_iQVM-3C3E<\/a><\/p>\n\n\n\n In the Conditional Access What If tool<\/strong>, you first need to configure the conditions of the sign-in scenario you want to simulate. These settings may include:<\/p>\n\n\n\n The What If tool doesn’t test for Conditional Access service dependencies<\/a>. For example, if you’re using What If to test a Conditional Access policy for Microsoft Teams, the result doesn’t take into consideration any policy that would apply to Office 365 Exchange Online, a Conditional Access service dependency for Microsoft Teams.<\/p>\n\n\n\n As a next step, you can initiate a simulation run that evaluates your settings. Only policies that are enabled are part of an evaluation run.<\/p>\n\n\n\n When the evaluation has finished, the tool generates a report of the affected policies. To gather more information about a Conditional Access policy, the Conditional Access insights and reporting workbook<\/a> can provide more details about policies in report-only mode and those policies currently enabled.<\/p>\n\n\n\n You can find the What If<\/strong> tool in the Azure portal under Azure Active Directory<\/strong> > Security<\/strong> > Conditional Access<\/strong> > What If<\/strong>.<\/p>\n\n\n\n Before you can run the What If tool, you must provide the conditions you want to evaluate.<\/p>\n\n\n\n The only condition you must make is selecting a user or workload identity. All other conditions are optional. For a definition of these conditions, see the article Building a Conditional Access policy<\/a>.<\/p>\n\n\n\n You start an evaluation by clicking What If<\/strong>. The evaluation result provides you with a report that consists of:<\/p>\n\n\n\n If classic policies<\/a> exist for the selected cloud apps, an indicator is presented to you. By clicking the indicator, you’re redirected to the classic policies page. On the classic policies page, you can migrate a classic policy or just disable it. You can return to your evaluation result by closing this page.<\/p>\n\n\n\n On the list of policies that apply, you can also find a list of grant controls<\/a> and session controls<\/a> that must be satisfied.<\/p>\n\n\n\n On the list of policies that don’t apply, you can find the reasons why these policies don’t apply. For each listed policy, the reason represents the first condition that wasn’t satisfied.<\/p>\n\n\n\n Ref: https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/conditional-access\/what-if-tool<\/p>\n","protected":false},"excerpt":{"rendered":" The Conditional Access What If policy tool allows you to understand the impact of Conditional Access policies in your environment. Instead of test driving your policies by performing multiple sign-ins manually, this tool enables you to evaluate a simulated sign-in of a user. The simulation estimates the impact this sign-in has on your policies and generates a simulation report. Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[238,239],"tags":[1293,1291,1292],"class_list":["post-4319","post","type-post","status-publish","format-standard","hentry","category-cloud","category-azure","tag-troubleshoot-conditional-access-policies-on-azure","tag-what-if-azure","tag-what-if-conditional-access-policies-on-azure"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4319","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4319"}],"version-history":[{"count":1,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4319\/revisions"}],"predecessor-version":[{"id":4320,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4319\/revisions\/4320"}],"wp:attachment":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4319"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4319"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4319"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<\/a>How it works<\/h2>\n\n\n\n
<\/a>Running the tool<\/h2>\n\n\n\n
![\"Screenshot](\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/conditional-access\/media\/what-if-tool\/portal-showing-location-of-what-if-tool.png\")
<\/a><\/figure>\n\n\n\n<\/a>Conditions<\/h2>\n\n\n\n
![\"Screenshot](\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/conditional-access\/media\/what-if-tool\/supply-conditions-to-evaluate-in-the-what-if-tool.png\")
<\/a><\/figure>\n\n\n\n<\/a>Evaluation<\/h2>\n\n\n\n
![\"Screenshot](\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/conditional-access\/media\/what-if-tool\/conditional-access-what-if-evaluation-result-example.png\")
<\/a><\/figure>\n\n\n\n<\/a>Next steps<\/h2>\n\n\n\n