ASD's Blueprint for Secure Cloud

SESSION - Admin Sign-in Frequency

This page describes the configuration of policies for conditional access within Microsoft Entra ID associated with systems built according to the guidance provided by ASD's Blueprint for Secure Cloud.

Estimated reading time: 5 minutes


NameSESSION - Admin Sign-in Frequency



IncludeSelect users and groups
Guest or external usersNot checked
Directory rolesChecked
- Application AdministratorChecked
- Application DeveloperChecked
- Attack Payload AuthorChecked
- Attack Simulation AdministratorChecked
- Attribute Assignment AdministratorChecked
- Attribute Assignment ReaderChecked
- Attribute Definition AdministratorChecked
- Attribute Definition ReaderChecked
- Attribute Log AdministratorNot checked
- Attribute Log ReaderNot checked
- Authentication AdministratorChecked
- Authentication Policy AdministratorChecked
- Azure DevOps AdministratorChecked
- Azure Information Protection AdministratorChecked
- B2C IEF Keyset AdministratorChecked
- B2C IEF Policy AdministratorChecked
- Billing AdministratorChecked
- Cloud App Security AdministratorChecked
- Cloud Application AdministratorChecked
- Cloud Device AdministratorChecked
- Compliance AdministratorChecked
- Compliance Data AdministratorChecked
- Conditional Access AdministratorChecked
- Customer LockBox Access ApproverChecked
- Desktop Analytics AdministratorChecked
- Device JoinNot checked
- Device ManagersNot checked
- Device UsersNot checked
- Directory ReadersChecked
- Directory Synchronization AccountsChecked
- Directory WritersChecked
- Domain Name AdministratorChecked
- Dynamics 365 AdministratorChecked
- Dynamics 365 Business Central AdministratorNot checked
- Edge AdministratorChecked
- Exchange AdministratorChecked
- Exchange Recipient AdministratorChecked
- Extended Directory User AdministratorNot checked
- External ID User Flow AdministratorChecked
- External ID User Flow Attribute AdministratorChecked
- External Identity Provider AdministratorChecked
- Fabric AdministratorChecked
- Global AdministratorChecked
- Global ReaderChecked
- Global Secure Access AdministratorNot checked
- Groups AdministratorChecked
- Guest InviterChecked
- Guest UserNot checked
- Helpdesk AdministratorChecked
- Hybrid Identity AdministratorChecked
- Identity Governance AdministratorChecked
- Insights AdministratorChecked
- Insights AnalystChecked
- Insights Business LeaderChecked
- Intune AdministratorChecked
- Kaizala AdministratorChecked
- Knowledge AdministratorChecked
- Knowledge ManagerChecked
- License AdministratorChecked
- Lifecycle Workflows AdministratorChecked
- Message Center Privacy ReaderChecked
- Message Center ReaderChecked
- Microsoft 365 Migration AdministratorNot checked
- Microsoft Entra Joined Device Local AdministratorChecked
- Microsoft Hardware Warranty AdministratorChecked
- Microsoft Hardware Warranty SpecialistChecked
- Modern Commerce AdministratorChecked
- Network AdministratorChecked
- Office Apps AdministratorChecked
- Organizational Messages WriterChecked
- Partner Tier1 SupportNot checked
- Partner Tier2 SupportNot checked
- Password AdministratorChecked
- Permissions Management AdministratorChecked
- Power Platform AdministratorChecked
- Printer AdministratorChecked
- Printer TechnicianChecked
- Privileged Authentication AdministratorChecked
- Privileged Role AdministratorChecked
- Reports ReaderChecked
- Restricted Guest UserNot checked
- Search AdministratorChecked
- Search EditorChecked
- Security AdministratorChecked
- Security OperatorChecked
- Security ReaderChecked
- Service Support AdministratorChecked
- SharePoint AdministratorChecked
- Skype for Business AdministratorChecked
- Teams AdministratorChecked
- Teams Communications AdministratorChecked
- Teams Communications Support EngineerChecked
- Teams Communications Support SpecialistChecked
- Teams Devices AdministratorChecked
- Tenant CreatorChecked
- Usage Summary Reports ReaderChecked
- UserNot checked
- User AdministratorChecked
- Virtual Visits AdministratorChecked
- Viva Goals AdministratorChecked
- Viva Pulse AdministratorNot checked
- Windows 365 AdministratorChecked
- Windows Update Deployment AdministratorChecked
- Workplace Device JoinNot checked
- Yammer AdministratorChecked
Users and groupsNot checked

Target Resources

Select what this policy applies toCloud apps
IncludeAll cloud apps


User riskNot configured
riskNot configured
Device platformsNot configured
LocationsNot configured
Client apps
Select the client apps this policy will apply to
Mobile apps and desktop clientsChecked
Exchange ActiveSync clientsNot checked
Other clientsChecked
Filter for devicesNot configured

Access Controls


Control access enforcement to block or grant accessGrant access
Require multifactor authenticationChecked
Require authentication strengthNot checked
Require device to be marked as compliantNot checked
Require Microsoft Entra hybrid joined deviceNot checked
Require approved client appNot checked
Require app protection policyNot checked
Require password changeNot checked
Acceptable Use PolicyNot checked
For multiple controlsRequire one of the selected controls


Use app enforced restrictionsNot checked
Use Conditional Access App ControlNot checked
frequencyChecked
- Periodic reauthentication4 hours
Persistent browser sessionNot checked
Customize continuous access evaluationNot checked
Disable resilience defaultsNot checked
Use Global Secure Access security profileNot checked

Enable policy

Enable policyOn

Security & Governance




Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra