# Step 3 -iMAM- Add Conditional Access Policy

The next step in this quick guide is to create a Conditional Access Policy in Microsoft Intune.\
It is possible to add SCA to your existing Conditional Access Policies for Office 365.<br>

{% hint style="success" %}
For more information about Conditional Access, you can check Microsoft Docs\
[What is Conditional Access in Azure Active Directory? | Microsoft Docs](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview)
{% endhint %}

\
The following steps are required to implement Conditional Access for our App:

&#x20;3.1 - *Include* your SCA-Testgroup to **Users and Groups**<br>

<div align="left"><figure><img src="/files/9bzTpuci6UrN4D8gc1Jw" alt=""><figcaption></figcaption></figure></div>

*3.2 - Include the apps* **Office 365** and **Provectus - Secure Contacts** as **Cloud Apps**

<div align="left"><figure><img src="/files/jBHsdSl6JUEjflQUY0iI" alt=""><figcaption></figcaption></figure></div>

3.3 - Set **Require app protection policy** as *Grant* in the *Access controls* pane\
\
![](/files/kkwiSmKHNignIlLXBZoe)<br>

3.4 - Turn your Conditional Access Policy **ON**<br>

{% hint style="warning" %}
**Office 365** as Cloud App will affect other Apps on your Mobile device, like Outlook, OneDrive & Teams etc.

According to Microsoft, it is **mandatory** to target **Office 365** and **Secure Contacts** as Cloud App in your Conditional Access Policy in order to correctly implement SCA.\
It is required to add **Office 365** as Cloud App, because our Enterprise Application\
(Provectus - Secure Contacts) is using its data source.<br>

Be aware: You cannot exclude these Cloud Apps or separate them in different Conditional Access policies!
{% endhint %}

Once *Conditional Access* enforces *App Protection Policies*, the next step is to create an \
\&#xNAN;*App Configuration Policy* in Endpoint Manager in order to add a license for SCA.<br>

{% hint style="success" %}
If you have any questions regarding Conditional Access and how this will affect your Azure environment, do not hesitate to [contact us](https://secure-contacts.com/en/kontakt-beratung/) for support.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.secure-contacts.com/quickstart-guide/ios-mam-steps-to-activate-sca-in-your-azure-tenant/step-3-add-conditional-access-policy.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.