Unit 5: Exercise – Add Terms of Use Acceptance Report
What are Terms of Use in Entitlement Management?
Microsoft Entra Terms of Use (ToU) allow organizations to require users to acknowledge legal or compliance documents before accessing resources governed by entitlement management or Conditional Access.
Terms of Use are commonly used to:
- Enforce End User License Agreements (EULA).
- Capture legal or compliance acceptance.
- Apply additional controls to sensitive applications or data.
- Support audits by tracking acceptance history.
Key characteristics of Terms of Use
- Terms of Use are uploaded as PDF documents.
- Any content can be used, including contracts or internal policies.
- The recommended font size is 24 pt for mobile readability.
- Acceptance is recorded and auditable.
- Terms of Use are enforced using Conditional Access.
- Users must accept the terms before access is granted.
Exercise: Add Terms of Use
Step 1: Open Terms of Use configuration
- Sign in to the Microsoft Entra admin center as a Global Administrator.
- Open ID Governance.
- In the left navigation, select Entitlement management.
- Under Terms of use, select Terms of use.
- Select + New terms.
Step 2: Configure basic Terms of Use details
- In the Name field, enter:
Testing terms of use.
This name is for administrators only.
- In the Display name field, enter:
Contoso Terms of Use.
This is the title users see during sign-in.
- Select Terms of use document, browse to your finalized PDF, and upload it.
For testing, any PDF can be used.
- Select the Language for the document.
- You can upload multiple language versions.
- The version shown to users is based on browser language preferences.
Step 3: Configure user experience settings
- Set Require users to expand the terms of use to On.
This ensures users must open the document before accepting.
- Set Require users to consent on every device to On if required.
⚠️ Warning
Enabling consent on every device requires each device to be registered in Microsoft Entra ID.
This can block access if device registration is not in place.
Step 4: Configure expiration and reacceptance (optional but exam-important)
- Set Expire consents to On to enforce periodic reacceptance.
- Configure:
  - Expire starting on (today or a future date).
  - Frequency (for example, Monthly).
Example behavior (Expire starting on + Monthly)
| User | First accept | First expire | Second expire |
|---|---|---|---|
| Alice | Jan 1 | Feb 1 | Mar 1 |
| Bob | Jan 15 | Feb 1 | Mar 1 |
Step 5: Configure duration-based reacceptance (alternative)
- Set Duration before reacceptance required (days).
This enforces reacceptance based on each user’s acceptance date.
Example (30-day duration)
| User | First accept | First expire | Second expire |
|---|---|---|---|
| Alice | Jan 1 | Jan 31 | Mar 2 |
| Bob | Jan 15 | Feb 14 | Mar 16 |
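The two reacceptance modes from Steps 4 and 5, worked through as an added example (not part of the original exercise and not Microsoft code). The year 2025, the function names, the month-end clamping and the rule that a user re-accepts on the day a consent expires are assumptions chosen to reproduce the two tables above.

```python
import calendar
from datetime import date, timedelta

def add_months(d, n):
    """Shift a date by n calendar months, clamping to month end (assumption)."""
    y, m = divmod(d.month - 1 + n, 12)
    year, month = d.year + y, m + 1
    return date(year, month, min(d.day, calendar.monthrange(year, month)[1]))

def schedule_expiries(accepted, start, months=1, count=2):
    """Step 4 mode: consents lapse on fixed tenant-wide dates (start,
    start + months, ...), regardless of when the user accepted."""
    out, k = [], 0
    while len(out) < count:
        boundary = add_months(start, k * months)
        if boundary > accepted:          # only boundaries after the acceptance
            out.append(boundary)
        k += 1
    return out

def duration_expiries(accepted, days, count=2):
    """Step 5 mode: each consent lapses `days` after that user's own
    acceptance. Assumes re-acceptance happens on the expiry day."""
    out, current = [], accepted
    for _ in range(count):
        current += timedelta(days=days)
        out.append(current)
    return out

def reprompt_due(records, on_day, start=None, months=1, days=None):
    """Users whose first consent has lapsed by on_day under the chosen mode."""
    due = []
    for name, accepted in records.items():
        if start is not None:
            first = schedule_expiries(accepted, start, months, 1)[0]
        else:
            first = duration_expiries(accepted, days, 1)[0]
        if first <= on_day:
            due.append(name)
    return due

# Constructed sample data matching the tables (year is an assumption).
RECORDS = {"Alice": date(2025, 1, 1), "Bob": date(2025, 1, 15)}

if __name__ == "__main__":
    for name, accepted in RECORDS.items():
        print(name, "schedule:", schedule_expiries(accepted, date(2025, 2, 1)))
        print(name, "duration:", duration_expiries(accepted, 30))
    print("Due on Feb 1 (duration):", reprompt_due(RECORDS, date(2025, 2, 1), days=30))
```

Under the schedule mode every user is re-prompted on the same day; under the duration mode the prompts are spread out by each user's acceptance date.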
Step 6: Link Conditional Access policy
- Under Conditional Access, select Custom policy.
- Select Create.
Step 7: Create the Conditional Access policy
You are redirected to the Conditional Access configuration.
- Enter policy name: Enforce ToU.
- Under Assignments, select Users and groups.
- On the Include tab, select Users and groups.
- Select a test user account.
⚠️ Important
Do not lock yourself out. Always ensure a break-glass admin account exists.
- Select Cloud apps or actions.
- Choose All cloud apps.
- Under Access controls, select Grant.
- Select Testing terms of use.
- Set Enable policy to On.
- Select Create.
Step 8: User experience validation
- When the user signs in, they are prompted to accept the Terms of Use.
- Access is blocked until acceptance is completed.
- The prompt appears again based on expiration settings.
View acceptance and decline reports
View acceptance status
- Go to ID Governance → Terms of use.
- Locate your Terms of Use.
- Select the Accepted or Declined count.
View per-user history
- Select the ellipsis (⋯) next to a user.
- Select View history.
- Review:
  - Accepts.
  - Declines.
  - Expirations.
This history is retained for the life of the Terms of Use.
How users review accepted Terms of Use
- Browse to https://myaccount.microsoft.com.
- Sign in as the user.
- Select View settings and privacy.
- Open the Privacy tab.
- Under Organization’s notice, review accepted Terms of Use.
Edit Terms of Use details (limitations)
You cannot modify an existing document directly.
Editable fields
- Internal name.
- Display name.
- Require expand setting.
- Consent on every device.
- Expiration settings.
- Conditional Access policy.
Update document version
- Select the Terms of Use.
- Select Edit terms.
- In Language options, select Update.
- Upload new PDF.
- Choose whether to require reacceptance.
- Select Add.
Only users who have not accepted or whose consent expired will see the new version unless reacceptance is enforced.