Conditional access is functionality within Azure Active Directory that will enforce varying levels of authentication requirements depending on where the user is logging in from.
Factors such as which device the user is using, what browser, and what location can be factored into the decision. These are described as signals in their documentation.
Depending on the signals, more or less identity checks can be performed. If, for example, a user is within an office campus, full access may be granted automatically, but if a user is signing in from an unexpected country, access may be blocked entirely.