Zero Trust for SaaS Apps w/Office365

I’m trying to use Zero Trust for SaaS Apps with Azure AD to do risk assessments against clients accessing Office 365. Are there any instructions I can follow? Can anyone confirm this works? I’m ending up in a loop, so I must have misconfigured something.