Checking the documentation on this link :
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-baseline-protection#

I see that activating Baseline policy for End Users is "Free" . That's so good, but, i need to clarify what happens if we need to create a specific custom policy in order to Exclude some PowerUsers. Reading this documentation we need to add a AD P1 to those "Powerusers" in order to apply a custom Policy. But we want to maintain the Baseline Policy for all other users ( because is free ). How about this combination of policies ? If a PowerUser has applied both policies ( Baseline and Custom ) the Custom policy will win always ? also, it's a supported scenario to have the Base Line policy applied and use several Custom policies managed a AD P1 for those users ?

It will be interesting to add this scenario to the Documentation, as we have several clients asking for this :).

Thanks !

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 53ea4e70-2931-8691-e9cc-13c72b514d9c
• Version Independent ID: c1aa4a8f-16b2-79ac-edb1-8a87f51a3f7b
• Content: Conditional Access baseline protection policies - Azure Active Directory
• Content Source: articles/active-directory/conditional-access/concept-baseline-protection.md
• Service: active-directory
• Sub-service: conditional-access
• GitHub Login: @MicrosoftGuyJFlo
• Microsoft Alias: joflore