As of June 2019, Microsoft addeda key security feature to the Microsoft 365 Business offering: Conditional Access. Prior to June, you had to add a subscription to Azure AD Premium Plan 1 to gain the features of Conditional Access. Here\u2019s an explanation of what it is and why you should enable it.What is Conditional Access?The Microsoft 365 Business Conditional Access feature allows you to implement automated, conditional access controls for accessing your cloud apps. Cloud services and the ability to access them anywhere is wonderful until you realize that access from anywhere means attackers can access those same applications. A typical office worker doesn\u2019t really need access from anywhere. They only need access from where they work. Conditional access lets you set up policies to restrict access.How to set up Conditional AccessYou can set up these policies either from the old Microsoft 365 Device Management location or the new preview portal location under Azure Active Directory link. To set up a policy, click on \u201cConditional Access\u201d, then \u201cNew\u201d, and then on \u201cNew policy\u201d. You will see your options to set policies.At a minimum you\u2019ll want to set policies for SharePoint and for Online Exchange as those are the two major places where your data resides. You may also wish to purchase Azure licenses to cover additional protection for administrator accounts. For example, you can add separate Azure AD Premium Plan 2 licenses for administrator accounts for additional protection of high-risk accounts. Sign-in risk, for example, needs the P2 license to be enforced.You can use Conditional Access to limit access by geography. In the Conditional Access section, go into named locations and choose the countries that you will allow access to your resources. Work in a highly regulated industry and want to restrict access to certain IP addresses? You can do this with Conditional Access. Susan BradleySelect geographic regions from which you will allow accessYou might want to lock down access to Office 365 to company offices, to corporate devices and enable multi-factor authentication.You can now set the following policies in Microsoft 365 Business license:Limit Users\/Groups: You can build policies based on users or groups. Start first by selectively choosing a test user or group. Setting a policy for all users from the start might lock your out. Always make sure you start slowly in setting up policies based on users.Limit by Cloud Applications: Use this to control applications. Start first by controlling the two major applications that are targeted now: Exchange Online and SharePoint.Limit by Client Applications: Use this to control applications or software people use to connect to SharePoint or Exchange. For example, you can select to allow Desktop Outlook applications but block web browsers.Limit by Device Platform: Use this to control which devices users are allowed to connect with. For example, you can allow Apple iPhones but block Android.Limit by Location: Use this to control what IPs can connect to Office 365. For example, you\u2019ll probably want to limit or block access from countries you don\u2019t normally do business with.To set up a sample policy, click \u201cAzure Active Directory\u201d, then on \u201cConditional Access\u201d, then on \u201cNew policy\u201d. Name the policy with a logical name. Select \u201cAssignments\u201d and then select a small group of users. Select \u201cCloud apps\u201d, then select \u201cSelected apps\u201d. Select \u201cOffice 365 Exchange Online\u201d and \u201cSharePoint\u201d. Select \u201cConditions\u201d to determine what you will use to set restrictions. Susan BradleySelect Office 365 Exchange and SharepointAs you can see, Conditional Access policies are extremely powerful. I recommend that you add this feature to your Office 365 subscription if you do not have it already. It can provide a great deal of protection for your online assets.