Updates to Azure AD Terms of Use functionality within conditional access
Published Dec 10 2018 09:00 AM

Howdy folks,

 

Today, I am excited to announce the release of two new features for Azure Active Directory (Azure AD) Terms of Use that provide more granular reports and flexibility with Terms of Use scheduling. Previously, users only had to consent to a Terms of Use once. Based on feedback from our customers, you now have the option to require each user to consent on each device. We also added support to expire consents on a regular schedule.

 

I’m also pleased to introduce new Terms of Use scenarios for B2B guests, Azure Information Protection, and Microsoft Intune. These features are now in public preview for Azure AD Premium customers. Read on for details on both our new features and these scenarios.

 

Require each user to consent on each device

Previously, each user only had to consent to a Terms of Use one time. We heard feedback that the current report—showing which users consented to which Terms of Use and when—was not sufficient and that more granularity was needed for high business impact (HBI) resources. Going forward, you can require each user to consent on each device.

 

Terms of Use showing new consent option.

Terms of Use consents for device.

Expire consents on a regular schedule

For customers who have a compliance requirement or regulation requiring users to consent to a Terms of Use on a recurring basis, we added support to expire consents on a regular schedule. Now, you can configure consents to expire on a per user schedule and/or a per Terms of Use schedule.

 

New Terms of Use schedule option.

Terms of Use consents.
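The sketch below is an added example, not Microsoft code or an Azure AD API: it models how the per-device option, the per-user schedule and the per-Terms-of-Use schedule described above could combine when checking a consent report for gaps. The class names, field names, the evaluation order and the sample rows are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class Consent:                      # one row of a consent report (constructed shape)
    user: str
    device_id: Optional[str]        # None if consent was not recorded per device
    accepted_at: datetime

@dataclass(frozen=True)
class TermsPolicy:                  # hypothetical model of the settings described above
    per_device: bool                            # consent required on each device
    user_reaccept_after: Optional[timedelta]    # per-user schedule
    expire_start: Optional[datetime]            # per-Terms-of-Use schedule: first expiry
    expire_every: Optional[timedelta]           # ...and its recurrence

def last_scheduled_expiry(policy, now):
    """Most recent expiry of the per-Terms-of-Use schedule at or before `now`."""
    if policy.expire_start is None or now < policy.expire_start:
        return None
    if not policy.expire_every:
        return policy.expire_start
    periods = (now - policy.expire_start) // policy.expire_every
    return policy.expire_start + periods * policy.expire_every

def consent_gap(policy, consents, user, device_id, now):
    """Return why `user` on `device_id` must (re)consent, or None if still valid."""
    mine = [c for c in consents if c.user == user
            and (not policy.per_device or c.device_id == device_id)]
    if not mine:
        return "no consent on this device" if policy.per_device else "no consent"
    latest = max(c.accepted_at for c in mine)
    cutoff = last_scheduled_expiry(policy, now)
    if cutoff is not None and latest < cutoff:
        return "expired by Terms of Use schedule"
    if policy.user_reaccept_after and now - latest >= policy.user_reaccept_after:
        return "expired by per-user schedule"
    return None

# Constructed sample data, not real tenant output.
POLICY = TermsPolicy(True, timedelta(days=90), datetime(2019, 1, 1), timedelta(days=365))
CONSENTS = [
    Consent("alice", "laptop-1", datetime(2018, 12, 20)),
    Consent("alice", "phone-1", datetime(2019, 1, 15)),
    Consent("bob", "laptop-2", datetime(2019, 1, 2)),
]
NOW = datetime(2019, 3, 1)
```

With the per-device option on, a consent given on one device does not cover another, so the same user can be compliant on one device and flagged on the next.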

 

New scenarios for B2B guests, Azure Information Protection, and Intune

We also added three new scenarios of Azure AD Terms of Use:

  • Terms of Use for B2B guests—Most organizations have a process in place (whether it’s good or bad) for their employees to consent to their organization's terms of use and privacy statements. But how can you enforce the same consents for B2B guests when they’re added via SharePoint or Microsoft Teams? Using conditional access and Terms of Use you can now enforce a policy directly towards B2B guest users. During the invitation redemption flow, the user is presented with the terms of use.


  • Terms of Use for Azure Information Protection—Now, you can configure a conditional access policy to the Azure Information Protection app and require a terms of use when a user accesses a protected document. This will trigger a terms of use prior to a user accessing a protected document for the first time.

Terms of Use for Azure Information Protection.

Terms of Use for Intune enrollment.

Check out the documentation on how to set up and configure Azure AD Terms of Use. Let us know what you think in the comments below. As always, we’d love to hear any feedback or suggestions you have.

 

 

Best regards,

Alex Simons (@Alex_A_Simons )

Corporate VP of Program Management

Microsoft Identity Division

7 Comments
Iron Contributor
Great news, indeed! I'm wondering whether it's feasible to get terms of use for each user in his/her native language based on certain pre-defined configurable parameters? For instance, if a user's language settings are set to Spanish or Chinese, then show them terms of use either in their preferred language or at least use both the English version and a translated version.
Microsoft

Hey Alexey,

 

An admin can upload multiple PDF documents and tag those documents with a corresponding language (up to 108). When an end user signs in, we look at the end user's browser language preference and display the matching PDF; if there is no match, we will display the default.

 

Thanks,

Joe

Copper Contributor

Hi, it's exciting to see the new updates. The question I have is around the mention of Terms of Use for B2B Guests. This is already available today via Conditional Access policies, I'd like to understand what has changed in the release mentioned above. Does the TOU now appear at a different point in the flow, as the invitation redemption flow is mentioned?

 

 

 

Microsoft

Hi Simran,

 

The TOU would still appear in the same place during the B2B invitation redemption flow, but the new update is referring to leveraging the new "all guests" setting within conditional access rather than having to build a dynamic group.

 

Thanks,

Joe

 

Copper Contributor

This is a welcome change and we have begun piloting the Terms of Use acceptance CA policy during Intune enrollment with a few users. The biggest issue we have so far is scaling of the terms. We enforce users to expand the terms before they can accept, but many are complaining that the scaling of the text does not allow it to be easily read on mobile devices. Is there any way to fix that?

Copper Contributor

@Alex Simons (AZURE) do you have any ideas on how to leverage ToU for when users log in to their Windows 10 devices? This would be a perfect tool with all its audit logging etc. but currently it seems to be usable only in certain cloud apps via Conditional Access.

 

Any roadmap/(private) preview for such a feature?

Copper Contributor

Is it possible for the end-user to receive copies of the ToU that they agreed on?

Also, how do we automate a stats report that HR can receive on who signed the ToU?

Last update: Jul 24 2020 01:47 AM