The Entra ID (formerly Azure Active Directory) Conditional Access “What If” tool is essential for troubleshooting and validating policy impacts—especially when onboarding or supporting CoreView service accounts and management users.
Why use the “What if” tool?
By leveraging the “What If” tool, you can quickly identify which Conditional Access policies block access to CoreView service accounts:
coreview.reports<randomicnumber>@<onmicrosoft domain>or to our management user:
4ward365.admin@<onmicrosoft domain>You will find the What If tool on the “Policies” page in the Microsoft Entra admin center.
How to use the What If tool:
Step 1: open the What If tool
Navigate to Microsoft Entra admin center > Policies and click “What If” in the top menu.
Step 2: choose the User
In the “Identity” section, select the CoreView service or management account you need to test (e.g., coreview.reports<randomicnumber>@<onmicrosoft domain>).
Step 3: specify the Target Application
- Select the user actions or the Cloud apps your service account will access.
- For Cloud apps, click the “+ Select cloud app” button and choose the desired app from the list.
Step 4: choose the Platform and Client app
- Select the device platform and client app matching how your service account connects.
You can obtain information about the “Sign-in conditions” by navigating to the Sign-in events page in the Microsoft Entra admin center. Review the sign-in details for your management user to find the information needed for the required fields.
Step 5: Set IP Address and Location
- IP Address: enter the IP address associated with the CoreView data center being accessed (please refer to the list below).
- Location: choose the corresponding location.
| For the… | Choose… | IP addresses |
|---|---|---|
| Europe Data center | Ireland | Azure CCC (EU) |
| USA Data center | Virginia | Azure CCC (US East) |
| Canadian Data Center | Quebec City | Azure CCC (Canada East) |
| GOV Data center | Virginia | Azure CCC (US East) |
| Australian Data center | New South Wales | Azure AUS (Australia) |
List of IP addresses
Data centers and IPs
If you need the list of CoreView's data centers and related IPs, we can provide you with a detailed table.
You can request the table from your designated Technical Account Manager or by contacting support.
Step 6: Run the simulation
Click “What if” at the bottom to simulate a login attempt with your chosen options.
Understanding the Evaluation Results
The “What If” tool will display Conditional Access policies in two categories:
- Policies that will apply: these policies will be evaluated and enforced under your selected conditions.
- Policies that will not apply: these that will not affect the login scenario—commonly shown if the account is excluded, or if conditions (such as MFA requirements) do not match the simulation.
Key scenarios:
- Testing from IPs outside CoreView: expect relevant Conditional Access policies to apply, such as those blocking non-allowed network locations.
- Testing from CoreView data center IPs: CoreView’s own policies may not apply, or be shown as “will not apply.”
Best practice
Customer policies mandating MFA or requiring compliant device should not apply to CoreView service accounts—these accounts should always be excluded from such restrictions.
If your account is being blocked:
Identify the Conditional Access policy responsible and consult Microsoft documentation or contact your CoreView representative for support.