Microsoft Entra Conditional Access sits at the front line of identity security—but as features multiply, so do subtle misconfigurations. This talk highlights real-world lessons from engagements where attackers abused Conditional Access logic flaws, weak conditions, and incomplete MFA coverage to slip past defenses.

We’ll take you through attack paths that target location controls, device platform checks, and client application types such as legacy authentication and device code flow, and show how mis-scoped MFA requirements (for example, only certain roles or apps) create dangerous gaps. Each scenario includes an attack demonstration followed by a defender-focused breakdown using Graph PowerShell, sign-in log analytics, and community tools to surface and fix these weaknesses. Participants will leave understanding how these attacks work end-to-end and with concrete techniques for hardening Conditional Access policies so that modern adversaries can’t simply route around them.