# Step 4 -aMAM- Add Conditional Access Policy
The next step in this quick guide is to create a Conditional Access Policy in Microsoft Intune.\
It is possible to add SCA to your existing Conditional Access Policies for Office 365.
{% hint style="success" %}
For more information about Conditional Access, you can check Microsoft Docs\
[What is Conditional Access in Azure Active Directory? | Microsoft Docs](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview)
{% endhint %}
\
The following steps are required to implement Conditional Access for our App:
3.1 - *Include* your SCA-Testgroup to **Users and Groups**
*3.2 - Include the apps* **Office 365** and **Provectus - Secure Contacts** as **Cloud Apps**
3.3 - Set **Require app protection policy** as *Grant* in the *Access controls* pane\
\
3.4 - Turn your Conditional Access Policy **ON**
{% hint style="warning" %}
**Office 365** as Cloud App will affect other Apps on your Mobile device, like Outlook, OneDrive & Teams etc.
According to Microsoft, it is **mandatory** to target **Office 365** and **Secure Contacts** as Cloud App in your Conditional Access Policy in order to correctly implement SCA.\
It is required to add **Office 365** as Cloud App, because our Enterprise Application\
(Provectus - Secure Contacts) is using its data source.
Be aware: You cannot exclude these Cloud Apps or separate them in different Conditional Access policies!
{% endhint %}
Once *Conditional Access* enforces *App Protection Policies*, the next step is to create an \
\&#xNAN;*App Configuration Policy* in Endpoint Manager in order to add a license for SCA.
{% hint style="success" %}
If you have any questions regarding Conditional Access and how this will affect your Azure environment, do not hesitate to [contact us](https://secure-contacts.com/en/kontakt-beratung/) for support.
{% endhint %}
