![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 0%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES2%3C/text%3E%3C/svg%3E)
Microsoft Identity Manager
A family of Microsoft products that manage a user's digital identity using identity synchronization, certificate management, and user provisioning.
649 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@ShashankSaxena-2458 Thank you for reaching out to us, As I understand you want to implement Conditional Access Policy for users using Certificate Based Authentication.
You can achieve this using authentication strength, though we have built-in authentication strengths however you can create a custom authentication strength - https://video2.skills-academy.com/en-us/entra/identity/authentication/concept-authentication-strengths#:~:text=policyType%20eq%20%27builtIn%27-,Custom%20authentication%20strengths,-In%20addition%20to use the same in the Grant controls section of conditional access policy.
Refer to this https://hmaslowski.com/f/azure-ad-certificate-based-authentication-cba-in-public-preview where similar requirement has been deployed.
Also, make sure you test this with pilot users/report only mode, before setting up in production.
Let me know if you have any further questions, feel free to post back.
Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.