⚡ Conditional Access Validator

Part of the Conditional Access Blueprint framework

The goal of the Conditional Access Validator is to help you automatically validate the effectiveness of a Conditional Access setup.

This project is open-source and may contain errors, bugs or inaccuracies. If so, please create an issue. No one can be held responsible for any issues arising from the use of this project.

The tool creates a set of Maester tests based on the current Conditional Access setup of the tenant, rather than the desired state. Therefore, the output might need adjustments to accurately represent the desired state.

Here's how you can contribute to our mission:

Use it: Use the tool and other referenced tools of the Conditional Access Blueprint! That's why they were build.
Talk about it: Engage in discussions about this, or invite me to spreak about the tool.
Feedback or share ideas: Have ideas or suggestions to improve this tool? Message me on LinkedIn (Jasper Baes)
Contribute: Join efforts to improve the quality, code and usability of this tool.
Donate: Consider supporting financially to cover costs (domain name, hosting, development costs, time, production costs, professional travel, ...) or future investments: donate on

The Conditional Access Validator was developed entirely on my own time, without any support or involvement from any organization or employer.

Please be aware that this project is only allowed for use by organizations seeking financial gain, on 2 conditions: 1. this is communicated to me over LinkedIn, 2. the header and footer of the HTML report is unchanged. Colors can be changed. Other items can be added.

Thank you for respecting these usage terms and contributing to a fair and ethical software community.

Conditional Access policies

255

generated Maester tests

1m24s

time to generate

Generated on Saturday, May 10, 2025 13:54:24 for ExampleOrg

                    
                        
    Describe "ExampleOrg.ConditionalAccess" {

	It "mfa for [email protected] on SalesForce with mobileAppsAndDesktopClients auth" {
		$userId = '83198522-6fea-4874-a65c-8b65e2fcf789' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications 'fee33ea8-ef07-46a3-a624-166a132eca8d' -ClientAppType 'mobileAppsAndDesktopClients' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "mfa for [email protected] on SalesForce with legacy auth" {
		$userId = '83198522-6fea-4874-a65c-8b65e2fcf789' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications 'fee33ea8-ef07-46a3-a624-166a132eca8d' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "block for [email protected] (random) on Office 365 SharePoint Online with legacy auth" {
		$userId = '18fc864a-31d0-41fe-bd45-b5da31bb1957' # [email protected] (random) 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'block' 
	}

	It "block for [email protected] (random) on Office 365 Portal with legacy auth" {
		$userId = '18fc864a-31d0-41fe-bd45-b5da31bb1957' # [email protected] (random) 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'block' 
	}

	It "block for [email protected] (random) on Office 365 Exchange Online with legacy auth" {
		$userId = '4f53b752-f868-4f4c-ab1f-69d0019a6d73' # [email protected] (random) 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'block' 
	}

	It "block for [email protected] (random) on Office 365 SharePoint Online with legacy auth" {
		$userId = '4f53b752-f868-4f4c-ab1f-69d0019a6d73' # [email protected] (random) 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'block' 
	}

	It "block for [email protected] (random) on Office 365 Portal with legacy auth" {
		$userId = '4f53b752-f868-4f4c-ab1f-69d0019a6d73' # [email protected] (random) 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'block' 
	}

	It "block for [email protected] (random) on Office 365 Exchange Online with legacy auth" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] (random) 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'block' 
	}

	It "block for [email protected] (random) on Office 365 SharePoint Online with legacy auth" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] (random) 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'block' 
	}

	It "block for [email protected] (random) on Office 365 Portal with legacy auth" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] (random) 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'block' 
	}

	It "block for [email protected] (random) on Office 365 Exchange Online with legacy auth" {
		$userId = 'a2dade92-ca59-4342-9b47-cff542df0270' # [email protected] (random) 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'block' 
	}

	It "block for [email protected] (random) on Office 365 SharePoint Online with legacy auth" {
		$userId = 'a2dade92-ca59-4342-9b47-cff542df0270' # [email protected] (random) 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'block' 
	}

	It "block for [email protected] (random) on Office 365 Portal with legacy auth" {
		$userId = 'a2dade92-ca59-4342-9b47-cff542df0270' # [email protected] (random) 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'block' 
	}

	It "block for [email protected] (random) on Office 365 Exchange Online with legacy auth" {
		$userId = '70a22604-6070-48bb-87fd-ac3428b3de94' # [email protected] (random) 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'block' 
	}

	It "block for [email protected] (random) on Office 365 SharePoint Online with legacy auth" {
		$userId = '70a22604-6070-48bb-87fd-ac3428b3de94' # [email protected] (random) 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'block' 
	}

	It "block for [email protected] (random) on Office 365 Portal with legacy auth" {
		$userId = '70a22604-6070-48bb-87fd-ac3428b3de94' # [email protected] (random) 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Exchange Online with legacy auth" {
		$userId = '290a4c5c-e478-42ac-aef7-673c1be5ad70' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 SharePoint Online with legacy auth" {
		$userId = '290a4c5c-e478-42ac-aef7-673c1be5ad70' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Portal with legacy auth" {
		$userId = '290a4c5c-e478-42ac-aef7-673c1be5ad70' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Exchange Online with legacy auth" {
		$userId = '4ed45a39-c13b-4199-bfe6-a2ed87ad8851' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 SharePoint Online with legacy auth" {
		$userId = '4ed45a39-c13b-4199-bfe6-a2ed87ad8851' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Portal with legacy auth" {
		$userId = '4ed45a39-c13b-4199-bfe6-a2ed87ad8851' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Exchange Online with legacy auth" {
		$userId = 'b6d5a6f8-f8a6-4831-b864-b61439795563' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 SharePoint Online with legacy auth" {
		$userId = 'b6d5a6f8-f8a6-4831-b864-b61439795563' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Portal with legacy auth" {
		$userId = 'b6d5a6f8-f8a6-4831-b864-b61439795563' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Exchange Online with legacy auth" {
		$userId = '81325a5b-73ee-459b-95e9-ed17251b3318' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 SharePoint Online with legacy auth" {
		$userId = '81325a5b-73ee-459b-95e9-ed17251b3318' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Portal with legacy auth" {
		$userId = '81325a5b-73ee-459b-95e9-ed17251b3318' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Exchange Online with browser auth from 80.90.100.110" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Exchange Online with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 111.222.111.222" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 80.90.100.110" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Exchange Online with legacy auth from 111.222.111.222" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Exchange Online with legacy auth from 80.90.100.110" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Exchange Online with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 SharePoint Online with browser auth from 111.222.111.222" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 SharePoint Online with browser auth from 80.90.100.110" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 SharePoint Online with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 111.222.111.222" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 80.90.100.110" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 SharePoint Online with legacy auth from 111.222.111.222" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 SharePoint Online with legacy auth from 80.90.100.110" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 SharePoint Online with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Portal with browser auth from 111.222.111.222" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Portal with browser auth from 80.90.100.110" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Portal with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 111.222.111.222" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 80.90.100.110" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Portal with legacy auth from 111.222.111.222" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Portal with legacy auth from 80.90.100.110" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "no block for [email protected] on Office 365 Portal with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '2450f61c-7ae5-4157-ac02-817228ed38bd' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'block' 
	}

	It "mfa for [email protected] on ServiceNow with mobileAppsAndDesktopClients auth" {
		$userId = '290a4c5c-e478-42ac-aef7-673c1be5ad70' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '5f752671-c0f0-4b39-a4c4-9db9f2a79621' -ClientAppType 'mobileAppsAndDesktopClients' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "mfa for [email protected] on ServiceNow with legacy auth" {
		$userId = '290a4c5c-e478-42ac-aef7-673c1be5ad70' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '5f752671-c0f0-4b39-a4c4-9db9f2a79621' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "mfa for [email protected] on ServiceNow with browser auth" {
		$userId = '83198522-6fea-4874-a65c-8b65e2fcf789' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '5f752671-c0f0-4b39-a4c4-9db9f2a79621' -ClientAppType 'browser' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "mfa for [email protected] on ServiceNow with mobileAppsAndDesktopClients auth" {
		$userId = '83198522-6fea-4874-a65c-8b65e2fcf789' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '5f752671-c0f0-4b39-a4c4-9db9f2a79621' -ClientAppType 'mobileAppsAndDesktopClients' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "mfa for [email protected] on ServiceNow with legacy auth" {
		$userId = '83198522-6fea-4874-a65c-8b65e2fcf789' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '5f752671-c0f0-4b39-a4c4-9db9f2a79621' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "no mfa for [email protected] on ServiceNow with browser auth" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '5f752671-c0f0-4b39-a4c4-9db9f2a79621' -ClientAppType 'browser' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on ServiceNow with mobileAppsAndDesktopClients auth" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '5f752671-c0f0-4b39-a4c4-9db9f2a79621' -ClientAppType 'mobileAppsAndDesktopClients' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on ServiceNow with legacy auth" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '5f752671-c0f0-4b39-a4c4-9db9f2a79621' -ClientAppType 'other' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "compliantDevice for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth on android" {
		$userId = 'd123545e-dd37-4f26-8a75-2a4c8c036ab1' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -DevicePlatform 'android' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'compliantDevice' 
	}

	It "compliantDevice for [email protected] on Office 365 SharePoint Online with browser auth on android" {
		$userId = 'd123545e-dd37-4f26-8a75-2a4c8c036ab1' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -DevicePlatform 'android' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'compliantDevice' 
	}

	It "compliantDevice for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth on android" {
		$userId = 'd123545e-dd37-4f26-8a75-2a4c8c036ab1' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -DevicePlatform 'android' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'compliantDevice' 
	}

	It "compliantDevice for [email protected] on Office 365 Portal with browser auth on android" {
		$userId = 'd123545e-dd37-4f26-8a75-2a4c8c036ab1' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -DevicePlatform 'android' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'compliantDevice' 
	}

	It "compliantDevice for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth on android" {
		$userId = 'd123545e-dd37-4f26-8a75-2a4c8c036ab1' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -DevicePlatform 'android' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'compliantDevice' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with browser auth from 111.222.111.222 on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with browser auth from 80.90.100.110" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with browser auth from 80.90.100.110 on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 111.222.111.222" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 111.222.111.222 on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 80.90.100.110" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 80.90.100.110 on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with legacy auth from 111.222.111.222" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with legacy auth from 111.222.111.222 on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with legacy auth from 80.90.100.110" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with legacy auth from 80.90.100.110 on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with browser auth from 111.222.111.222" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with browser auth from 111.222.111.222 on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with browser auth from 80.90.100.110" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with browser auth from 80.90.100.110 on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 111.222.111.222" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 111.222.111.222 on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 80.90.100.110" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 80.90.100.110 on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with legacy auth from 111.222.111.222" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with legacy auth from 111.222.111.222 on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with legacy auth from 80.90.100.110" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with legacy auth from 80.90.100.110 on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with browser auth from 111.222.111.222" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with browser auth from 111.222.111.222 on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with browser auth from 80.90.100.110" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with browser auth from 80.90.100.110 on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 111.222.111.222" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 111.222.111.222 on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 80.90.100.110" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 80.90.100.110 on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with legacy auth from 111.222.111.222" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with legacy auth from 111.222.111.222 on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with legacy auth from 80.90.100.110" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with legacy auth from 80.90.100.110 on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = 'cf3edad4-8528-43ba-9f7d-cfae49a6ff82' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with browser auth from 111.222.111.222" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with browser auth from 111.222.111.222 on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with browser auth from 80.90.100.110" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with browser auth from 80.90.100.110 on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 111.222.111.222" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 111.222.111.222 on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 80.90.100.110" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 80.90.100.110 on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with legacy auth from 111.222.111.222" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with legacy auth from 111.222.111.222 on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with legacy auth from 80.90.100.110" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with legacy auth from 80.90.100.110 on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with browser auth from 111.222.111.222" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with browser auth from 111.222.111.222 on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with browser auth from 80.90.100.110" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with browser auth from 80.90.100.110 on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 111.222.111.222" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 111.222.111.222 on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 80.90.100.110" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 80.90.100.110 on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with legacy auth from 111.222.111.222" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with legacy auth from 111.222.111.222 on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with legacy auth from 80.90.100.110" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with legacy auth from 80.90.100.110 on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with browser auth from 111.222.111.222" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with browser auth from 111.222.111.222 on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with browser auth from 80.90.100.110" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with browser auth from 80.90.100.110 on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 111.222.111.222" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 111.222.111.222 on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 80.90.100.110" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 80.90.100.110 on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with legacy auth from 111.222.111.222" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with legacy auth from 111.222.111.222 on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with legacy auth from 80.90.100.110" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with legacy auth from 80.90.100.110 on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = '5fa182bd-dc11-492e-b1d6-7d66cd6eeb37' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with browser auth from 111.222.111.222" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with browser auth from 111.222.111.222 on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with browser auth from 80.90.100.110" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with browser auth from 80.90.100.110 on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 111.222.111.222" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 111.222.111.222 on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 80.90.100.110" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 80.90.100.110 on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with legacy auth from 111.222.111.222" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with legacy auth from 111.222.111.222 on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with legacy auth from 80.90.100.110" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with legacy auth from 80.90.100.110 on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Exchange Online with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with browser auth from 111.222.111.222" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with browser auth from 111.222.111.222 on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with browser auth from 80.90.100.110" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with browser auth from 80.90.100.110 on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 111.222.111.222" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 111.222.111.222 on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 80.90.100.110" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 80.90.100.110 on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with legacy auth from 111.222.111.222" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with legacy auth from 111.222.111.222 on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with legacy auth from 80.90.100.110" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with legacy auth from 80.90.100.110 on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 SharePoint Online with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with browser auth from 111.222.111.222" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with browser auth from 111.222.111.222 on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with browser auth from 80.90.100.110" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with browser auth from 80.90.100.110 on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 111.222.111.222" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 111.222.111.222 on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 80.90.100.110" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 80.90.100.110 on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with legacy auth from 111.222.111.222" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '111.222.111.222' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with legacy auth from 111.222.111.222 on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '111.222.111.222' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with legacy auth from 80.90.100.110" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '80.90.100.110' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with legacy auth from 80.90.100.110 on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '80.90.100.110' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "no mfa for [email protected] on Office 365 Portal with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows" {
		$userId = '971a9e46-6b11-4be4-8d12-7a47c9ac35ce' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -Country 'FR' -IpAddress '2aa:1810:513:b900:29f6:eab8:d3ab:e1ae' -DevicePlatform 'windows' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Not -Contain 'mfa' 
	}

	It "mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth" {
		$userId = 'f6de2794-dee6-46a8-9e66-075a8a97d088' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "mfa for [email protected] on Office 365 SharePoint Online with browser auth" {
		$userId = 'f6de2794-dee6-46a8-9e66-075a8a97d088' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "mfa for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth" {
		$userId = 'f6de2794-dee6-46a8-9e66-075a8a97d088' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "mfa for [email protected] on Office 365 Portal with browser auth" {
		$userId = 'f6de2794-dee6-46a8-9e66-075a8a97d088' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "mfa for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth" {
		$userId = 'f6de2794-dee6-46a8-9e66-075a8a97d088' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "mfa for [email protected] on Office 365 Exchange Online with browser auth" {
		$userId = '3680a275-fce0-40f7-aeb8-6ee1916fb4eb' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth" {
		$userId = '3680a275-fce0-40f7-aeb8-6ee1916fb4eb' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "mfa for [email protected] on Office 365 SharePoint Online with browser auth" {
		$userId = '3680a275-fce0-40f7-aeb8-6ee1916fb4eb' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "mfa for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth" {
		$userId = '3680a275-fce0-40f7-aeb8-6ee1916fb4eb' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "mfa for [email protected] on Office 365 Portal with browser auth" {
		$userId = '3680a275-fce0-40f7-aeb8-6ee1916fb4eb' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "mfa for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth" {
		$userId = '3680a275-fce0-40f7-aeb8-6ee1916fb4eb' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth with high user risk" {
		$userId = '3680a275-fce0-40f7-aeb8-6ee1916fb4eb' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -UserRiskLevel 'High' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "passwordChange for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth with high user risk" {
		$userId = '3680a275-fce0-40f7-aeb8-6ee1916fb4eb' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -UserRiskLevel 'High' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'passwordChange' 
	}

	It "mfa for [email protected] on Office 365 Exchange Online with legacy auth with high user risk" {
		$userId = '3680a275-fce0-40f7-aeb8-6ee1916fb4eb' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -UserRiskLevel 'High' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "passwordChange for [email protected] on Office 365 Exchange Online with legacy auth with high user risk" {
		$userId = '3680a275-fce0-40f7-aeb8-6ee1916fb4eb' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -UserRiskLevel 'High' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'passwordChange' 
	}

	It "mfa for [email protected] on Office 365 SharePoint Online with browser auth with high user risk" {
		$userId = '3680a275-fce0-40f7-aeb8-6ee1916fb4eb' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -UserRiskLevel 'High' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "passwordChange for [email protected] on Office 365 SharePoint Online with browser auth with high user risk" {
		$userId = '3680a275-fce0-40f7-aeb8-6ee1916fb4eb' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -UserRiskLevel 'High' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'passwordChange' 
	}

	It "mfa for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth with high user risk" {
		$userId = '3680a275-fce0-40f7-aeb8-6ee1916fb4eb' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -UserRiskLevel 'High' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "passwordChange for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth with high user risk" {
		$userId = '3680a275-fce0-40f7-aeb8-6ee1916fb4eb' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -UserRiskLevel 'High' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'passwordChange' 
	}

	It "mfa for [email protected] on Office 365 SharePoint Online with legacy auth with high user risk" {
		$userId = '3680a275-fce0-40f7-aeb8-6ee1916fb4eb' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -UserRiskLevel 'High' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "passwordChange for [email protected] on Office 365 SharePoint Online with legacy auth with high user risk" {
		$userId = '3680a275-fce0-40f7-aeb8-6ee1916fb4eb' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000003-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -UserRiskLevel 'High' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'passwordChange' 
	}

	It "mfa for [email protected] on Office 365 Portal with browser auth with high user risk" {
		$userId = '3680a275-fce0-40f7-aeb8-6ee1916fb4eb' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -UserRiskLevel 'High' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "passwordChange for [email protected] on Office 365 Portal with browser auth with high user risk" {
		$userId = '3680a275-fce0-40f7-aeb8-6ee1916fb4eb' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'browser' -UserRiskLevel 'High' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'passwordChange' 
	}

	It "mfa for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth with high user risk" {
		$userId = '3680a275-fce0-40f7-aeb8-6ee1916fb4eb' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -UserRiskLevel 'High' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "passwordChange for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth with high user risk" {
		$userId = '3680a275-fce0-40f7-aeb8-6ee1916fb4eb' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'mobileAppsAndDesktopClients' -UserRiskLevel 'High' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'passwordChange' 
	}

	It "mfa for [email protected] on Office 365 Portal with legacy auth with high user risk" {
		$userId = '3680a275-fce0-40f7-aeb8-6ee1916fb4eb' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -UserRiskLevel 'High' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'mfa' 
	}

	It "passwordChange for [email protected] on Office 365 Portal with legacy auth with high user risk" {
		$userId = '3680a275-fce0-40f7-aeb8-6ee1916fb4eb' # [email protected] 
		$policiesEnforced = Test-MtConditionalAccessWhatIf -UserId $userId -IncludeApplications '00000006-0000-0ff1-ce00-000000000000' -ClientAppType 'other' -UserRiskLevel 'High' 
		$policiesEnforced = $policiesEnforced | Where-Object { $_.state -eq 'enabled' } 
		$policiesEnforced.grantControls.builtInControls | Should -Contain 'passwordChange' 
	}
}

255 Maester tests copied to clipboard!

Conditional Access policy	CA001 - Require MFA
Conditional Access policy ID	52fa4ddf-15e0-4503-8c2c-3360e81e6c77
Expected control	mfa
User ID	83198522-6fea-4874-a65c-8b65e2fcf789
UPN	[email protected]
Application	SalesForce
Application ID	fee33ea8-ef07-46a3-a624-166a132eca8d
Client application	mobileAppsAndDesktopClients
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require MFA
Conditional Access policy ID	52fa4ddf-15e0-4503-8c2c-3360e81e6c77
Expected control	mfa
User ID	83198522-6fea-4874-a65c-8b65e2fcf789
UPN	[email protected]
Application	SalesForce
Application ID	fee33ea8-ef07-46a3-a624-166a132eca8d
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	block
User ID	18fc864a-31d0-41fe-bd45-b5da31bb1957
UPN	[email protected] (random)
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	block
User ID	18fc864a-31d0-41fe-bd45-b5da31bb1957
UPN	[email protected] (random)
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	block
User ID	4f53b752-f868-4f4c-ab1f-69d0019a6d73
UPN	[email protected] (random)
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	block
User ID	4f53b752-f868-4f4c-ab1f-69d0019a6d73
UPN	[email protected] (random)
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	block
User ID	4f53b752-f868-4f4c-ab1f-69d0019a6d73
UPN	[email protected] (random)
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	block
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected] (random)
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	block
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected] (random)
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	block
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected] (random)
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	block
User ID	a2dade92-ca59-4342-9b47-cff542df0270
UPN	[email protected] (random)
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	block
User ID	a2dade92-ca59-4342-9b47-cff542df0270
UPN	[email protected] (random)
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	block
User ID	a2dade92-ca59-4342-9b47-cff542df0270
UPN	[email protected] (random)
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	block
User ID	70a22604-6070-48bb-87fd-ac3428b3de94
UPN	[email protected] (random)
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	block
User ID	70a22604-6070-48bb-87fd-ac3428b3de94
UPN	[email protected] (random)
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	block
User ID	70a22604-6070-48bb-87fd-ac3428b3de94
UPN	[email protected] (random)
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	no block
User ID	290a4c5c-e478-42ac-aef7-673c1be5ad70
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	no block
User ID	290a4c5c-e478-42ac-aef7-673c1be5ad70
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	no block
User ID	290a4c5c-e478-42ac-aef7-673c1be5ad70
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	no block
User ID	4ed45a39-c13b-4199-bfe6-a2ed87ad8851
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	no block
User ID	4ed45a39-c13b-4199-bfe6-a2ed87ad8851
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	no block
User ID	4ed45a39-c13b-4199-bfe6-a2ed87ad8851
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	no block
User ID	b6d5a6f8-f8a6-4831-b864-b61439795563
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	no block
User ID	b6d5a6f8-f8a6-4831-b864-b61439795563
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	no block
User ID	b6d5a6f8-f8a6-4831-b864-b61439795563
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	no block
User ID	81325a5b-73ee-459b-95e9-ed17251b3318
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	no block
User ID	81325a5b-73ee-459b-95e9-ed17251b3318
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA000 - Block Legacy Auth
Conditional Access policy ID	f0e5d9e4-c496-4eb3-9a38-f6ce43880ea9
Expected control	no block
User ID	81325a5b-73ee-459b-95e9-ed17251b3318
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	browser
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	browser
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Require phishing-resistant MFA
Conditional Access policy ID	1f1da467-9124-415d-b877-60e24182102e
Expected control	no block
User ID	2450f61c-7ae5-4157-ac02-817228ed38bd
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Block outside EU
Conditional Access policy ID	67a8a93d-3b44-4d69-9adc-37c00b439ccd
Expected control	mfa
User ID	290a4c5c-e478-42ac-aef7-673c1be5ad70
UPN	[email protected]
Application	ServiceNow
Application ID	5f752671-c0f0-4b39-a4c4-9db9f2a79621
Client application	mobileAppsAndDesktopClients
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Block outside EU
Conditional Access policy ID	67a8a93d-3b44-4d69-9adc-37c00b439ccd
Expected control	mfa
User ID	290a4c5c-e478-42ac-aef7-673c1be5ad70
UPN	[email protected]
Application	ServiceNow
Application ID	5f752671-c0f0-4b39-a4c4-9db9f2a79621
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Block outside EU
Conditional Access policy ID	67a8a93d-3b44-4d69-9adc-37c00b439ccd
Expected control	mfa
User ID	83198522-6fea-4874-a65c-8b65e2fcf789
UPN	[email protected]
Application	ServiceNow
Application ID	5f752671-c0f0-4b39-a4c4-9db9f2a79621
Client application	browser
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Block outside EU
Conditional Access policy ID	67a8a93d-3b44-4d69-9adc-37c00b439ccd
Expected control	mfa
User ID	83198522-6fea-4874-a65c-8b65e2fcf789
UPN	[email protected]
Application	ServiceNow
Application ID	5f752671-c0f0-4b39-a4c4-9db9f2a79621
Client application	mobileAppsAndDesktopClients
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Block outside EU
Conditional Access policy ID	67a8a93d-3b44-4d69-9adc-37c00b439ccd
Expected control	mfa
User ID	83198522-6fea-4874-a65c-8b65e2fcf789
UPN	[email protected]
Application	ServiceNow
Application ID	5f752671-c0f0-4b39-a4c4-9db9f2a79621
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Block outside EU
Conditional Access policy ID	67a8a93d-3b44-4d69-9adc-37c00b439ccd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	ServiceNow
Application ID	5f752671-c0f0-4b39-a4c4-9db9f2a79621
Client application	browser
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Block outside EU
Conditional Access policy ID	67a8a93d-3b44-4d69-9adc-37c00b439ccd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	ServiceNow
Application ID	5f752671-c0f0-4b39-a4c4-9db9f2a79621
Client application	mobileAppsAndDesktopClients
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA001 - Block outside EU
Conditional Access policy ID	67a8a93d-3b44-4d69-9adc-37c00b439ccd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	ServiceNow
Application ID	5f752671-c0f0-4b39-a4c4-9db9f2a79621
Client application	other
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA013 - Block old Windows versions
Conditional Access policy ID	86add108-de6b-4d48-9ca3-745930a9d453
Expected control	compliantDevice
User ID	d123545e-dd37-4f26-8a75-2a4c8c036ab1
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	/
Device Platform	android
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA013 - Block old Windows versions
Conditional Access policy ID	86add108-de6b-4d48-9ca3-745930a9d453
Expected control	compliantDevice
User ID	d123545e-dd37-4f26-8a75-2a4c8c036ab1
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	/
Device Platform	android
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA013 - Block old Windows versions
Conditional Access policy ID	86add108-de6b-4d48-9ca3-745930a9d453
Expected control	compliantDevice
User ID	d123545e-dd37-4f26-8a75-2a4c8c036ab1
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	/
Device Platform	android
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA013 - Block old Windows versions
Conditional Access policy ID	86add108-de6b-4d48-9ca3-745930a9d453
Expected control	compliantDevice
User ID	d123545e-dd37-4f26-8a75-2a4c8c036ab1
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	/
Device Platform	android
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA013 - Block old Windows versions
Conditional Access policy ID	86add108-de6b-4d48-9ca3-745930a9d453
Expected control	compliantDevice
User ID	d123545e-dd37-4f26-8a75-2a4c8c036ab1
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	/
Device Platform	android
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	browser
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	browser
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	browser
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	browser
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	browser
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	cf3edad4-8528-43ba-9f7d-cfae49a6ff82
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	browser
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	browser
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	browser
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	browser
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	browser
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	browser
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	5fa182bd-dc11-492e-b1d6-7d66cd6eeb37
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	browser
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	browser
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	browser
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	browser
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	browser
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	browser
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	111.222.111.222
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	111.222.111.222
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	80.90.100.110
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	80.90.100.110
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA010 - Sign-in frequency 10 hours
Conditional Access policy ID	c7ad2b51-9f82-46e3-8f88-c552783e70cd
Expected control	no mfa
User ID	971a9e46-6b11-4be4-8d12-7a47c9ac35ce
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	2aa:1810:513:b900:29f6:eab8:d3ab:e1ae
Device Platform	windows
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA012 - Block unknown Operating Systems
Conditional Access policy ID	76e48a65-0184-4cc5-a8f0-962a824b8169
Expected control	mfa
User ID	f6de2794-dee6-46a8-9e66-075a8a97d088
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA012 - Block unknown Operating Systems
Conditional Access policy ID	76e48a65-0184-4cc5-a8f0-962a824b8169
Expected control	mfa
User ID	f6de2794-dee6-46a8-9e66-075a8a97d088
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA012 - Block unknown Operating Systems
Conditional Access policy ID	76e48a65-0184-4cc5-a8f0-962a824b8169
Expected control	mfa
User ID	f6de2794-dee6-46a8-9e66-075a8a97d088
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA012 - Block unknown Operating Systems
Conditional Access policy ID	76e48a65-0184-4cc5-a8f0-962a824b8169
Expected control	mfa
User ID	f6de2794-dee6-46a8-9e66-075a8a97d088
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA012 - Block unknown Operating Systems
Conditional Access policy ID	76e48a65-0184-4cc5-a8f0-962a824b8169
Expected control	mfa
User ID	f6de2794-dee6-46a8-9e66-075a8a97d088
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA012 - Block unknown Operating Systems
Conditional Access policy ID	76e48a65-0184-4cc5-a8f0-962a824b8169
Expected control	mfa
User ID	3680a275-fce0-40f7-aeb8-6ee1916fb4eb
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	browser
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA012 - Block unknown Operating Systems
Conditional Access policy ID	76e48a65-0184-4cc5-a8f0-962a824b8169
Expected control	mfa
User ID	3680a275-fce0-40f7-aeb8-6ee1916fb4eb
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA012 - Block unknown Operating Systems
Conditional Access policy ID	76e48a65-0184-4cc5-a8f0-962a824b8169
Expected control	mfa
User ID	3680a275-fce0-40f7-aeb8-6ee1916fb4eb
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA012 - Block unknown Operating Systems
Conditional Access policy ID	76e48a65-0184-4cc5-a8f0-962a824b8169
Expected control	mfa
User ID	3680a275-fce0-40f7-aeb8-6ee1916fb4eb
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA012 - Block unknown Operating Systems
Conditional Access policy ID	76e48a65-0184-4cc5-a8f0-962a824b8169
Expected control	mfa
User ID	3680a275-fce0-40f7-aeb8-6ee1916fb4eb
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA012 - Block unknown Operating Systems
Conditional Access policy ID	76e48a65-0184-4cc5-a8f0-962a824b8169
Expected control	mfa
User ID	3680a275-fce0-40f7-aeb8-6ee1916fb4eb
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	/
Device Platform	/
User risk	/
Signin risk	/
User action	/

Conditional Access policy	CA008 - Password reset on high risk
Conditional Access policy ID	3bde746b-abc0-4df0-9876-3f1f0f152932
Expected control	mfa
User ID	3680a275-fce0-40f7-aeb8-6ee1916fb4eb
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	/
Device Platform	/
User risk	high
Signin risk	/
User action	/

Conditional Access policy	CA008 - Password reset on high risk
Conditional Access policy ID	3bde746b-abc0-4df0-9876-3f1f0f152932
Expected control	passwordChange
User ID	3680a275-fce0-40f7-aeb8-6ee1916fb4eb
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	/
Device Platform	/
User risk	high
Signin risk	/
User action	/

Conditional Access policy	CA008 - Password reset on high risk
Conditional Access policy ID	3bde746b-abc0-4df0-9876-3f1f0f152932
Expected control	mfa
User ID	3680a275-fce0-40f7-aeb8-6ee1916fb4eb
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	high
Signin risk	/
User action	/

Conditional Access policy	CA008 - Password reset on high risk
Conditional Access policy ID	3bde746b-abc0-4df0-9876-3f1f0f152932
Expected control	passwordChange
User ID	3680a275-fce0-40f7-aeb8-6ee1916fb4eb
UPN	[email protected]
Application	Office 365 Exchange Online
Application ID	00000002-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	high
Signin risk	/
User action	/

Conditional Access policy	CA008 - Password reset on high risk
Conditional Access policy ID	3bde746b-abc0-4df0-9876-3f1f0f152932
Expected control	mfa
User ID	3680a275-fce0-40f7-aeb8-6ee1916fb4eb
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	/
Device Platform	/
User risk	high
Signin risk	/
User action	/

Conditional Access policy	CA008 - Password reset on high risk
Conditional Access policy ID	3bde746b-abc0-4df0-9876-3f1f0f152932
Expected control	passwordChange
User ID	3680a275-fce0-40f7-aeb8-6ee1916fb4eb
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	browser
IP range	/
Device Platform	/
User risk	high
Signin risk	/
User action	/

Conditional Access policy	CA008 - Password reset on high risk
Conditional Access policy ID	3bde746b-abc0-4df0-9876-3f1f0f152932
Expected control	mfa
User ID	3680a275-fce0-40f7-aeb8-6ee1916fb4eb
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	/
Device Platform	/
User risk	high
Signin risk	/
User action	/

Conditional Access policy	CA008 - Password reset on high risk
Conditional Access policy ID	3bde746b-abc0-4df0-9876-3f1f0f152932
Expected control	passwordChange
User ID	3680a275-fce0-40f7-aeb8-6ee1916fb4eb
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	/
Device Platform	/
User risk	high
Signin risk	/
User action	/

Conditional Access policy	CA008 - Password reset on high risk
Conditional Access policy ID	3bde746b-abc0-4df0-9876-3f1f0f152932
Expected control	mfa
User ID	3680a275-fce0-40f7-aeb8-6ee1916fb4eb
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	high
Signin risk	/
User action	/

Conditional Access policy	CA008 - Password reset on high risk
Conditional Access policy ID	3bde746b-abc0-4df0-9876-3f1f0f152932
Expected control	passwordChange
User ID	3680a275-fce0-40f7-aeb8-6ee1916fb4eb
UPN	[email protected]
Application	Office 365 SharePoint Online
Application ID	00000003-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	high
Signin risk	/
User action	/

Conditional Access policy	CA008 - Password reset on high risk
Conditional Access policy ID	3bde746b-abc0-4df0-9876-3f1f0f152932
Expected control	mfa
User ID	3680a275-fce0-40f7-aeb8-6ee1916fb4eb
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	/
Device Platform	/
User risk	high
Signin risk	/
User action	/

Conditional Access policy	CA008 - Password reset on high risk
Conditional Access policy ID	3bde746b-abc0-4df0-9876-3f1f0f152932
Expected control	passwordChange
User ID	3680a275-fce0-40f7-aeb8-6ee1916fb4eb
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	browser
IP range	/
Device Platform	/
User risk	high
Signin risk	/
User action	/

Conditional Access policy	CA008 - Password reset on high risk
Conditional Access policy ID	3bde746b-abc0-4df0-9876-3f1f0f152932
Expected control	mfa
User ID	3680a275-fce0-40f7-aeb8-6ee1916fb4eb
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	/
Device Platform	/
User risk	high
Signin risk	/
User action	/

Conditional Access policy	CA008 - Password reset on high risk
Conditional Access policy ID	3bde746b-abc0-4df0-9876-3f1f0f152932
Expected control	passwordChange
User ID	3680a275-fce0-40f7-aeb8-6ee1916fb4eb
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	mobileAppsAndDesktopClients
IP range	/
Device Platform	/
User risk	high
Signin risk	/
User action	/

Conditional Access policy	CA008 - Password reset on high risk
Conditional Access policy ID	3bde746b-abc0-4df0-9876-3f1f0f152932
Expected control	mfa
User ID	3680a275-fce0-40f7-aeb8-6ee1916fb4eb
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	high
Signin risk	/
User action	/

Conditional Access policy	CA008 - Password reset on high risk
Conditional Access policy ID	3bde746b-abc0-4df0-9876-3f1f0f152932
Expected control	passwordChange
User ID	3680a275-fce0-40f7-aeb8-6ee1916fb4eb
UPN	[email protected]
Application	Office 365 Portal
Application ID	00000006-0000-0ff1-ce00-000000000000
Client application	other
IP range	/
Device Platform	/
User risk	high
Signin risk	/
User action	/

If the chart below doesn't load, please refresh with this button:

Download full CSV (155 users)

user	upn	job	external	enabled	CA001 - Require MFA	CA000 - Block Legacy Auth	JABA signin risk	CA001 - Require phishing-resistant MFA	CA001 - Block outside EU	CA013 - Block old Windows versions	CA010 - Require TAP on MFA registration	CA011 - Require compliant device	SQL - Session Time out	CA010 - Sign-in frequency 10 hours	CA012 - Block unknown Operating Systems	CA008 - Password reset on high risk
1test	[email protected]
Local Admin \| Radisson	[email protected]
Adriaan Schepers	[email protected]
On-Premises Directory Synchronization Service Account	[email protected]
abc	[email protected]
Alain Vandam	[email protected]	Administration
Andreas Lauwers	grace_example.com#EXT#@example.org
Andreas Lauwers	[email protected]
Anla test3	[email protected]
Arne Braeckman	[email protected]	Customer Success Manager

The user is included in the Conditional Access policy

The user is excluded from the Conditional Access policy

Next steps:

Download and open the full CSV
Select the full A column
Go to the tab 'Data' and click 'Text to Columns'
Select 'Delimited' and click Next
Only select 'Comma' and click Finish
Click on any cell with text and click 'Filter' in the 'Data' tab
Review by filtering1 or multiple columns, or search in columns
Add Conditional Formatting rules for coloring 'TRUE' and 'FALSE'

The primary goal of the Conditional Access Blueprint approach is to use a static set Conditional Access policies and only add/remove personas (=Entra groups) as needed. This report shows the personas per CA policy:

Conditional Access policy	Included personas	Excluded personas
CA000 - Block Legacy Auth enabled	All accounts 155	Break the Glass 2
CA001 - Require MFA enabled	All accounts 155	Break the Glass 2 Service Accounts 5
CA002 - Require phishing-resistant MFA enabled	Internal admins 13 VIP 7	Break the Glass 2
CA003 - Block outside EU enabled	All accounts 155	Break the Glass 2 Users outside EU 1
CA004 - Block old Windows versions enabled	All accounts 155	Break the Glass 2
CA005 - Require office location on MFA registration enabled	All accounts 155	Break the Glass 2
CA006 - Require compliant device enabled	All accounts 155	Break the Glass 2 Service Accounts for external use 2
CA007 - Sign-in frequency 10 hours enabled	Regular users 81	Break the Glass 2 Service accounts 5
CA008 - Block unknown Operating Systems enabled	All accounts 155	Break the Glass 2
CA009 - Password reset on high risk enabled	All accounts 155	Break the Glass 2

If the chart below doesn't load, please refresh with this button:

⚡Conditional Access Validator, made by Jasper Baes

https://github.com/jasperbaes/Conditional-Access-Validator

This tool is part of the Conditional Access Blueprint. Read the license for info about organizational profit-driven.

⚡ Conditional Access Validator

mfa for [email protected] on SalesForce with mobileAppsAndDesktopClients auth mfa

mfa for [email protected] on SalesForce with legacy auth mfa

block for [email protected] (random) on Office 365 SharePoint Online with legacy auth block

block for [email protected] (random) on Office 365 Portal with legacy auth block

block for [email protected] (random) on Office 365 Exchange Online with legacy auth block

block for [email protected] (random) on Office 365 SharePoint Online with legacy auth block

block for [email protected] (random) on Office 365 Portal with legacy auth block

block for [email protected] (random) on Office 365 Exchange Online with legacy auth block

block for [email protected] (random) on Office 365 SharePoint Online with legacy auth block

block for [email protected] (random) on Office 365 Portal with legacy auth block

block for [email protected] (random) on Office 365 Exchange Online with legacy auth block

block for [email protected] (random) on Office 365 SharePoint Online with legacy auth block

block for [email protected] (random) on Office 365 Portal with legacy auth block

block for [email protected] (random) on Office 365 Exchange Online with legacy auth block

block for [email protected] (random) on Office 365 SharePoint Online with legacy auth block

block for [email protected] (random) on Office 365 Portal with legacy auth block

no block for [email protected] on Office 365 Exchange Online with legacy auth no block

no block for [email protected] on Office 365 SharePoint Online with legacy auth no block

no block for [email protected] on Office 365 Portal with legacy auth no block

no block for [email protected] on Office 365 Exchange Online with legacy auth no block

no block for [email protected] on Office 365 SharePoint Online with legacy auth no block

no block for [email protected] on Office 365 Portal with legacy auth no block

no block for [email protected] on Office 365 Exchange Online with legacy auth no block

no block for [email protected] on Office 365 SharePoint Online with legacy auth no block

no block for [email protected] on Office 365 Portal with legacy auth no block

no block for [email protected] on Office 365 Exchange Online with legacy auth no block

no block for [email protected] on Office 365 SharePoint Online with legacy auth no block

no block for [email protected] on Office 365 Portal with legacy auth no block

no block for [email protected] on Office 365 Exchange Online with browser auth from 80.90.100.110 no block

no block for [email protected] on Office 365 Exchange Online with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae no block

no block for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 111.222.111.222 no block

no block for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 80.90.100.110 no block

no block for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae no block

no block for [email protected] on Office 365 Exchange Online with legacy auth from 111.222.111.222 no block

no block for [email protected] on Office 365 Exchange Online with legacy auth from 80.90.100.110 no block

no block for [email protected] on Office 365 Exchange Online with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae no block

no block for [email protected] on Office 365 SharePoint Online with browser auth from 111.222.111.222 no block

no block for [email protected] on Office 365 SharePoint Online with browser auth from 80.90.100.110 no block

no block for [email protected] on Office 365 SharePoint Online with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae no block

no block for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 111.222.111.222 no block

no block for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 80.90.100.110 no block

no block for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae no block

no block for [email protected] on Office 365 SharePoint Online with legacy auth from 111.222.111.222 no block

no block for [email protected] on Office 365 SharePoint Online with legacy auth from 80.90.100.110 no block

no block for [email protected] on Office 365 SharePoint Online with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae no block

no block for [email protected] on Office 365 Portal with browser auth from 111.222.111.222 no block

no block for [email protected] on Office 365 Portal with browser auth from 80.90.100.110 no block

no block for [email protected] on Office 365 Portal with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae no block

no block for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 111.222.111.222 no block

no block for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 80.90.100.110 no block

no block for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae no block

no block for [email protected] on Office 365 Portal with legacy auth from 111.222.111.222 no block

no block for [email protected] on Office 365 Portal with legacy auth from 80.90.100.110 no block

no block for [email protected] on Office 365 Portal with legacy auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae no block

mfa for [email protected] on ServiceNow with mobileAppsAndDesktopClients auth mfa

mfa for [email protected] on ServiceNow with legacy auth mfa

mfa for [email protected] on ServiceNow with browser auth mfa

mfa for [email protected] on ServiceNow with mobileAppsAndDesktopClients auth mfa

mfa for [email protected] on ServiceNow with legacy auth mfa

no mfa for [email protected] on ServiceNow with browser auth no mfa

no mfa for [email protected] on ServiceNow with mobileAppsAndDesktopClients auth no mfa

no mfa for [email protected] on ServiceNow with legacy auth no mfa

compliantDevice for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth on android compliantDevice

compliantDevice for [email protected] on Office 365 SharePoint Online with browser auth on android compliantDevice

compliantDevice for [email protected] on Office 365 SharePoint Online with mobileAppsAndDesktopClients auth on android compliantDevice

compliantDevice for [email protected] on Office 365 Portal with browser auth on android compliantDevice

compliantDevice for [email protected] on Office 365 Portal with mobileAppsAndDesktopClients auth on android compliantDevice

no mfa for [email protected] on Office 365 Exchange Online with browser auth from 111.222.111.222 on windows no mfa

no mfa for [email protected] on Office 365 Exchange Online with browser auth from 80.90.100.110 no mfa

no mfa for [email protected] on Office 365 Exchange Online with browser auth from 80.90.100.110 on windows no mfa

no mfa for [email protected] on Office 365 Exchange Online with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae no mfa

no mfa for [email protected] on Office 365 Exchange Online with browser auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows no mfa

no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 111.222.111.222 no mfa

no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 111.222.111.222 on windows no mfa

no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 80.90.100.110 no mfa

no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 80.90.100.110 on windows no mfa

no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae no mfa

no mfa for [email protected] on Office 365 Exchange Online with mobileAppsAndDesktopClients auth from 2aa:1810:513:b900:29f6:eab8:d3ab:e1ae on windows no mfa

no mfa for [email protected] on Office 365 Exchange Online with legacy auth from 111.222.111.222 no mfa