Microsoft Entra Blog

Updates to Azure AD Terms of Use functionality within conditional access

Alex_Simons
Dec 10, 2018

Howdy folks,

 

Today, I am excited to announce the release of two new features for Azure Active Directory (Azure AD) Terms of Use that provide more granular reports and flexibility with Terms of Use scheduling. Previously, users only had to consent to a Terms of Use once. Based on feedback from our customers, you now have the option to require each user to consent on each device. We also added support to expire consents on a regular schedule.

 

I’m also pleased to introduce new Terms of Use scenarios for B2B guests, Azure Information Protection, and Microsoft Intune. These features are now in public preview for Azure AD Premium customers. Read on for details on both our new features and these scenarios.

 

Require each user to consent on each device

Previously, each user only had to consent to a Terms of Use one time. We heard feedback that the current report, which shows which user consented to which Terms of Use and when, was not sufficient and that more granularity was needed for high business impact (HBI) resources. Going forward, you can require each user to consent on each device.

 

Terms of Use showing new consent option.

Terms of Use consents for device.

Expire consents on a regular schedule

For customers who have a compliance requirement or regulation requiring users to consent to a Terms of Use on a recurring basis, we added support to expire consents on a regular schedule. Now, you can configure consents to expire on a per-user schedule and/or a per-Terms-of-Use schedule.

 

New Terms of Use schedule option.

Terms of Use consents.

 

New scenarios for B2B guests, Azure Information Protection, and Intune

We also added three new scenarios of Azure AD Terms of Use:

  • Terms of Use for B2B guests—Most organizations have a process in place (whether it’s good or bad) for their employees to consent to their organization's terms of use and privacy statements. But how can you enforce the same consents for B2B guests when they’re added via SharePoint or Microsoft Teams? Using conditional access and Terms of Use you can now enforce a policy directly towards B2B guest users. During the invitation redemption flow, the user is presented with the terms of use.

 

  • Terms of Use for Azure Information Protection—Now, you can configure a conditional access policy to the Azure Information Protection app and require a terms of use when a user accesses a protected document. This will trigger a terms of use prior to a user accessing a protected document for the first time.

Terms of Use for Azure Information Protection. 

Terms of Use for Intune enrollment.

Check out the documentation on how to set up and configure Azure AD Terms of Use. Let us know what you think in the comments below. As always, we’d love to hear any feedback or suggestions you have.

 

 

Best regards,

Alex Simons (@Alex_A_Simons)

Corporate VP of Program Management

Microsoft Identity Division

Updated Jul 24, 2020
Version 10.0

7 Comments

  • Is it possible for the end-user to receive copies of the ToU that they agreed on?

    Also, how do we automate a stats report that HR can receive on who signed the ToU?

  •
    Joni_Nieminen
    Copper Contributor

    Alex_Simons do you have any ideas on how to leverage ToU for when users log in to their Windows 10 devices? This would be a perfect tool with all its audit logging etc. but currently it seems to be usable only in certain cloud apps via Conditional Access.

     

    Any roadmap/(private) preview for such a feature?

  •
    Mario Ferrante
    Copper Contributor

    This is a welcome change and we have begun piloting the Terms of Use acceptance CA policy during Intune enrollment with a few users. The biggest issue we have so far is scaling of the terms. We enforce users to expand the terms before they can accept, but many are complaining that the scaling of the text does not allow it to be easily read on mobile devices. Is there any way to fix that?

  • Hi Simran,

     

    The TOU would still appear in the same place during the B2B invitation redemption flow, but the new update is referring to leveraging the new "all guests" setting within conditional access rather than having to build a dynamic group.

     

    Thanks,

    Joe

     

  • Hi, it's exciting to see the new updates. The question I have is around the mention of Terms of Use for B2B Guests. This is already available today via Conditional Access policies; I'd like to understand what has changed in the release mentioned above. Does the TOU now appear at a different point in the flow, as the invitation redemption flow is mentioned?

     

     

     

  • Hey Alexey,

     

    An admin can upload multiple PDF documents and tag those documents with a corresponding language (up to 108). When an end user signs in, we look at the end user's browser language preference and display the matching PDF; if there is no match, we will display the default.

     

    Thanks,

    Joe

  • Great news, indeed! I'm wondering whether it's feasible to get terms of use for each user in his/her native language based on certain pre-defined configurable parameters? For instance, if a user's language settings are set to Spanish or Chinese, then show them terms of use either in their preferred language or at least use both the English version and a translated version.