Name
Abusing Holes in Conditional Access: Modern Attack Paths and How to Close Them
Description
Microsoft Entra Conditional Access sits at the forefront of an organization’s identity security boundary, but its growing feature set introduces new complexity. As new security controls become available and policies accumulate, subtle misconfigurations emerge—creating the cracks adversaries look for. Whether you’re a cloud administrator, security consultant, or red team operator, the objective is the same: identify the holes in Conditional Access before attackers exploit them.

This talk highlights practical lessons learned from real engagements and demonstrates how attackers abuse Conditional Access logic flaws, weak conditions, and insufficient MFA enforcement. We will walk through attack paths targeting location controls, device platform checks, and client application types such as legacy authentication and device code flow. Mis-scoped MFA requirements—such as targeting only certain roles or only specific applications—create gaps that let attackers obtain tokens even when organizations believe MFA is enforced everywhere.

Each scenario includes an attack demonstration followed by a defender-focused breakdown using Graph PowerShell, sign-in log analytics, or community tools to show how these gaps can be identified and remediated. Attendees will leave understanding how these attacks work end-to-end and equipped with actionable techniques to uncover Conditional Access weaknesses. Modern adversaries don’t “break” Conditional Access, they route around it.