Skip to content

policy-all-users-require-terms-of-use.md

Latest commit

 

History

History
67 lines (48 loc) · 3.78 KB

policy-all-users-require-terms-of-use.md

File metadata and controls

67 lines (48 loc) · 3.78 KB
title Require Terms of Use at sign-in to Microsoft Admin Portals
description How to require terms of use acceptance before access to selected cloud apps is granted with Microsoft Entra Conditional Access.
ms.topic how-to
ms.date 03/24/2026
ms.reviewer

Require terms of use to be accepted before accessing Microsoft Admin Portals

Overview

Organizations might want to require users to accept terms of use (ToU) before accessing certain applications in their environment. This example helps you create a policy requiring terms of use to be accepted as part of the initial sign in process for administrators who access any of the Microsoft Admin Portals.

Create your terms of use

This section provides you with the steps to create a sample terms of use document. When you create a terms of use document, you select a value for Enforce with Conditional Access policy templates. Selecting Custom policy opens a dialog to create a new Conditional Access policy as soon as your terms of use is created.

  1. Create a new terms of use document and save it as a PDF file.
  2. Sign in to the Microsoft Entra admin center as at least a Conditional Access Administrator.
  3. Browse to Entra ID > Conditional Access > Terms of use.
  4. In the menu on the top, select New terms.
  5. In the Name textbox, provide a name for your terms of use policy.
  6. Upload your terms of use PDF file.
    1. Select your default language.
    2. In the Display name textbox, type the name you want to be displayed.
  7. For Require users to expand the terms of use, select On.
  8. For Enforce with Conditional Access policy templates, select Custom policy.
  9. Select Create.

Create a Conditional Access policy

This section shows how to create the required Conditional Access policy.

To configure your Conditional Access policy:

  1. Give your policy a name. Create a meaningful standard for the names of your policies.
  2. Under Assignments, select Users or workload identities.
    1. Under Include, select All users.
    2. Under Exclude, select Users and groups and choose your organization's emergency access or break-glass accounts.
  3. Under Target resources > Resources (formerly cloud apps), select the following options:
    1. Under Include, choose Select resources.
    2. Select Microsoft Admin Portals, and then choose Select.
  4. Under Access controls, select Grant.
    1. Select Grant access.
    2. Select the terms of use you created previously and choose Select.
  5. Confirm your settings and set Enable policy to Report-only.
  6. Select Create to enable your policy.

[!INCLUDE conditional-access-report-only-mode]

Test your Conditional Access policy

In the previous section, you created a Conditional Access policy requiring terms of use be accepted when accessing any of the Microsoft Admin Portals.

To test your policy, try to sign in to the Microsoft Entra admin center using a test account. You should see a dialog that requires you to accept your terms of use.

User exclusions

[!INCLUDE active-directory-policy-exclusions]

Related content

Microsoft Entra terms of use

Conditional Access templates

Use report-only mode for Conditional Access to determine the results of new policy decisions.