Standard Operating Procedure (SOP): Logging into Microsoft 365 with Conditional Access

1. Purpose

To outline the secure process for users to access Microsoft 365 services, including the use of multi-factor authentication (MFA) via the Microsoft Authenticator app, especially when accessing services offsite under conditional access policies.

2. Scope

This SOP applies to all authorised users accessing Microsoft 365 services from within or outside the organisation’s network.

3. Prerequisites

- A valid organisational Microsoft 365 account.
- Microsoft Authenticator app installed and registered on a mobile device.
- Internet access for offsite login.
- Conditional Access policies configured in Azure AD.
 

4. Procedure

4.1 Onsite Login (Within Organisation Network)

1. Navigate to https://portal.office.com.
2. Enter your organisational email address and password.
3. If conditional access policies detect you are onsite, you may be granted access without additional verification.
4. You are now logged in to Microsoft 365.
 

4.2 Offsite Login (Outside Organisation Network)

1. Navigate to https://portal.office.com.
2. Enter your organisational email address and password.
3. Conditional Access will detect an offsite login and trigger MFA.
4. Open the Microsoft Authenticator app on your registered mobile device.
5. Approve the sign-in request or enter the verification code displayed in the app.
6. Upon successful verification, access to Microsoft 365 is granted.
 

5. Security Notes

- MFA is mandatory for all offsite access to reduce the risk of unauthorised access.
- Users must not share their credentials or Authenticator app access.
- Lost or stolen devices must be reported immediately to IT support.
 

6. Troubleshooting

- Authenticator app not prompting? Ensure your device has internet access and notifications enabled.
- Access denied? You may be blocked by Conditional Access policies—contact IT support for assistance.