Security for IT Professionals

TW08 Conditional Access Gone Wrong: Debugging, Breaking, and Rebuilding Your Policies

August 5th, 2026

9:30am - 10:45am

Level: Intermediate

John O'Neill, Sr.

Chief Innovation Officer

Azure Innovators

Conditional Access is the backbone of Zero Trust, but most environments are just one misconfigured policy away from an outage, a bypass, or both. In this straight-talk, no-holds-barred session, we’ll break down real-world Conditional Access failures and show you how to diagnose and fix them. You’ll learn how policies interact (and conflict), how authentication strengths and session controls really behave, and why your “secure” configuration might not be (and probably isn’t) doing what you think. We’ll walk through live troubleshooting scenarios using sign-in logs, What If analysis, and policy insights to uncover hidden gaps—like token persistence bypass, device compliance blind spots, and MFA fatigue risks. Then we’ll dive into building a clean, resilient policy design using modern patterns: authentication strengths, device trust, risk-based access, and step-up authentication—all aligned with Zero Trust principles.

You’ll leave with a validated, production-ready Conditional Access framework you can implement immediately.

You will learn:

  • How to debug broken or conflicting Conditional Access policies
  • How attackers bypass weak CA configurations (and how to stop them)
  • How to use authentication strengths, device filters, and session controls correctly
  • How to validate policies using real sign-in telemetry and testing tools