Azure Active Directory Conditional Access Policies allow you to apply access controls to applications and services. Conditional access policies can be used to apply restrictions to users, devices and applications based on a set of policy conditions.

You should always add exclusions to conditional access policies to ensure that a misconfigured policy doesn't accidentally lock you out of your own Azure tenant.

This Azure Conditional Access policy enforces MFA for certain Administrator roles

This conditional access policy will enforce MFA for all users when accessing Office 365 apps

Legacy protocols like POP, SMTP and IMAP don't support MFA and can be used to password spray attack your Office 365 mailboxes. You can disable legacy authentication and improve your Office 365 security using this Azure Conditional Access policy.

How to test conditional access policies using report-only mode, monitor conditional access results using sign-in logs and how to troubleshoot policies using the what-if tool