Share via

Entra policy -- enable vs report only

Eben Walker 0 Reputation points
2025-11-19T16:17:28.3433333+00:00

simple question -- when the enable policy is showing

User's image

does that mean report only is on and the policy is NOT enabled?

Is this confusing to others?

Microsoft Security | Microsoft Entra | Microsoft Entra Internet Access
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marcin Policht 68,615 Reputation points MVP Volunteer Moderator
    2025-11-19T19:43:33.6533333+00:00

    To enable Report-only functionality, you would select Report-only. The On setting applies policy and provides reporting functionality.

    Effectively, the screenshot you provided, indicates that the policy IS enabled.

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    0 comments
  2. Rukmini 11,320 Reputation points Microsoft External Staff Moderator
    2025-11-20T11:52:20.5+00:00

    Hello Eben Walker,

    Admins can test Conditional Access policies in Report-only mode without enforcing them.

    When a policy is set to report only:

    • Results are displayed in Sign-in logs → Conditional Access / Report-only. It is evaluated during sign-in but not enforced
    • You may track the impact using Conditional Access Insights (Azure Monitor) Therefore, the policy is currently in Report-only mode and NOT enabled.

    Reference:

    Conditional Access Policy Insights: Monitoring and Evaluation - Microsoft Entra ID | Microsoft

    If the resolution was helpful, kindly take a moment to accept the answer and upvote it 👍 it as a token of appreciation.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.