Home
%3CLINGO-SUB%20id%3D%22lingo-sub-688423%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-688423%22%20slang%3D%22en-US%22%3E%3CP%3EI%20just%20have%20to%20say%2C%20this%20is%20one%20of%20the%20best%20news%20for%20Microsoft%20365%20Business%20ever.%20Finally%20this%20SKU%20is%20something%20we%20can%20truly%20sell%20with%20confidence%20to%20anyone%20within%20the%20space%20below%20300%20seats.%20Thank%20you.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-688479%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-688479%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20really%20huge%20improvement!%20I%20have%20a%20lot%20of%20customer%20which%20this%20announcement%20make%20them%20happy.%20Thanks.%20%3Athumbs_up%3A%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-688491%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-688491%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20quite%20literally%20made%20my%20day.%20Thank%20you%20again%20Ashanka%2C%20your%20dedication%20to%20this%20product%20and%20going%20to%20bat%20for%20the%20SMB%20is%20very%20much%20appreciated.%20I%20am%20going%20to%20throw%20a%20party%2C%20I%20think...%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-688519%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-688519%22%20slang%3D%22en-US%22%3E%3CP%3EOutstanding%20news!%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-688656%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-688656%22%20slang%3D%22en-US%22%3E%3CP%3E%3CIMG%20id%3D%22smileyhappy%22%20class%3D%22emoticon%20emoticon-smileyhappy%22%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Fi%2Fsmilies%2F16x16_smiley-happy.png%22%20alt%3D%22Smiley%20Happy%22%20title%3D%22Smiley%20Happy%22%20%2F%3E%20This%20is%20very%20good%20news!%20This%20%22package%22%20will%20be%20a%20Hit%20this%20year%20among%20the%20solution%20for%20SMB%20market.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-688763%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-688763%22%20slang%3D%22en-US%22%3E%3CP%3EGreat%20News!!!%26nbsp%3B%3C%2FP%3E%0A%3CP%3EA%20game%20changer%20in%20security%20for%20Small%20and%20Medium%20Business%20space.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-689047%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-689047%22%20slang%3D%22en-US%22%3E%3CP%3ENow%20please%20add%20GPO%20capability%20to%20the%20Office%20that%20comes%20with%20M365B%2C%20that%20would%20be%20smashing.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-689180%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-689180%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F341755%22%20target%3D%22_blank%22%3E%40WelshWizard%3C%2FA%3E%2C%20what%20features%20from%20GPO%20are%20you%20wanting%3F%20Anything%20in%20particular%20that%20you%20can%E2%80%99t%20achieve%20with%20Intune%3F%20Note%20that%20GPO%E2%80%99s%20apply%20specifically%20to%20ProPlus%2C%20but%20Intune%20can%20be%20used%20to%20deploy%20and%20manipulate%20several%20settings%20in%20Office%2C%20including%20Business%20edition.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-689462%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-689462%22%20slang%3D%22en-US%22%3E%3CP%3EFantastic%20news%20and%20really%20makes%20this%20SKU%20a%20easy%20choice%20for%20most%20SMBs.%20Thanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-690596%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-690596%22%20slang%3D%22en-US%22%3E%3CP%3EDoes%20that%20include%20the%20GCC%20license%20platforms%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-684063%22%20slang%3D%22en-US%22%3EConditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-684063%22%20slang%3D%22en-US%22%3E%3CP%3EOver%20the%20past%20several%20months%20you%E2%80%99ve%20told%20us%20that%20adding%20Conditional%20Access%20to%20Microsoft%20365%20Business%20would%20help%20it%20secure%20SMB%20customers%20more%20comprehensively.%20Today%2C%20we%20are%20excited%20to%20announce%20the%20availability%20of%20Conditional%20Access%20for%20Microsoft%20365%20Business%20subscribers%2C%20enabling%20small%20and%20medium-sized%20businesses%20to%20enforce%20granular%20control%20on%20how%20company%20resources%20are%20accessed.%20Conditional%20Access%20policies%20and%20configurations%20available%20to%20Microsoft%20365%20Business%20subscribers%20are%20the%20same%20as%20those%20available%20to%20Azure%20Active%20Directory%20Premium%20P1%20subscribers.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhy%20is%20Conditional%20Access%20important%3F%3CBR%20%2F%3EAre%20you%20concerned%20that%20employees%20at%20your%20company%20can%20access%20sensitive%20business%20data%20from%20mobile%20phones%20and%20personal%20or%20home%20devices%20that%20have%20no%20oversight%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAre%20you%20concerned%20that%20employees%20are%20downloading%20company%20data%20to%20personal%20apps%20and%20storage%20locations%20that%20cannot%20be%20wiped%20when%20they%20leave%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20want%20to%20ensure%20that%20employees%20can%20only%20access%20your%20network%20from%20certain%20locations%20and%20block%20access%20from%20other%20locations%3F%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EConditional%20Access%20helps%20you%20do%20exactly%20that!%20By%20configuring%20Conditional%20Access%20policies%20you%20can%20maintain%20control%20over%20how%20and%20where%20your%20company%20data%20is%20accessed%2C%20making%20your%20business%20more%20secure.%20You%20can%20define%20exact%20criteria%20for%20who%20can%20gain%20access%20and%20block%20those%20who%20don't%20meet%20the%20criteria.%20The%20criteria%20can%20be%20based%20on%20factors%20like%20the%20type%20of%20device%2C%20app%20and%20location.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBenefits%20of%20Conditional%20Access%3CBR%20%2F%3EThere%20was%20a%20time%20when%20it%20seemed%20like%20keeping%20business%20data%20behind%20a%20firewall%20in%20your%20office%20network%20and%20limiting%20access%20from%20the%20outside%20world%20was%20enough%20to%20protect%20your%20business.%20Today%2C%20company%20information%20is%20in%20the%20cloud%20and%20you%20need%20a%20way%20to%20provide%20employees%20with%20options%20to%20access%20it%20from%20a%20variety%20of%20locations%20and%20devices.%20Conditional%20Access%26nbsp%3Benables%20Zero%20Trust%20security%2C%20helping%20you%20provide%20this%20access%20while%20maintaining%20control%20over%20%E2%80%9Cwhere%2C%20when%20and%20who%E2%80%9D%20is%20connecting%20to%20your%20Office%20365%20environment%3B%20so%20you%20can%20protect%20company%20assets%20while%20also%20enabling%20employees%20to%20be%20productive%20from%20anywhere.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EFor%20example%2C%20you%20can%20define%20a%20Conditional%20Access%20policy%20that%20evaluates%20sign-in%20connections%20from%20mobile%20devices%20to%20Exchange%20Online%2C%20and%20requires%20employees%20use%20Outlook%20for%20iOS%20and%20Android%20to%20successfully%20access%20their%20work%20email%20and%20calendar.%20This%20gives%20your%20organization%20the%20security%20and%20productivity%20advantages%20of%20an%20email%20and%20calendar%20app%20built%20specifically%20for%20the%20Office%20365%20cloud.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3C%2FP%3E%3CP%3EConditional%20Access%20and%20Azure%20Multi-Factor%20Authentication%3CBR%20%2F%3EMicrosoft%20365%20Business%20includes%20advanced%20Azure%20Multi-Factor%20Authentication%20(MFA)%20capabilities%20that%20you%20can%20configure%20together%20with%20Conditional%20Access%20policies%20in%20order%20to%20gain%20additional%20assurance%20that%20account%20logins%20are%20made%20by%20the%20account%E2%80%99s%20legitimate%20owner.%20For%20example%2C%20you%20could%20create%20a%20single%20policy%20that%20requires%20MFA%20when%20someone%20accesses%20from%20a%20location%20that%20is%20not%20trusted%20(for%20example%2C%20a%20country%20in%20which%20you%20don't%20do%20business%20in).%20This%20way%2C%20a%20user%20signing%20in%20from%20a%20known%20location%20can%20still%20gain%20access%20to%20company%20resources%20while%20a%20user%20signing%20in%20from%20an%20untrusted%20location%20will%20be%20required%20to%20verify%20their%20identity%20through%20MFA%20before%20getting%20access.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEnabling%20Conditional%20Access%3CBR%20%2F%3EMicrosoft%20365%20Business%20customers%20can%20enable%20Conditional%20Access%20via%20the%20Azure%20Directory%20settings%20in%20the%20Azure%20portal.%20For%20more%20information%20on%20how%20to%20configure%20Conditional%20Access%20policies%2C%20please%20see%20the%20article%20What%20is%20Conditional%20Access.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMicrosoft%20365%20Business%3A%20A%20comprehensive%20security%20solution%20for%20SMBs%3CBR%20%2F%3EWith%20Microsoft%20365%20Business%2C%20you%20have%20access%20to%20a%20comprehensive%20security%20solution%20specifically%20designed%20and%20priced%20for%20organizations%20with%20less%20than%20300%20employees.%20Ever%20since%20the%20launch%20of%20Microsoft%20365%20Business%20in%20October%202017%2C%20we%E2%80%99ve%20been%20incorporating%20customer%20and%20partner%20feedback%20and%20evolving%20Microsoft%20365%20Business%20to%20meet%20the%20needs%20of%20a%20changing%20security%20landscape.%20For%20more%20information%20on%20the%20features%20available%20in%20Microsoft%20365%20Business%2C%20please%20refer%20to%20the%20Microsoft%20365%20Business%20Service%20Description%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFrequently%20Asked%20Questions%3A%3C%2FP%3E%3CP%3E1.%26nbsp%3B%20What%20features%20are%20included%20under%20Conditional%20Access%20in%20Microsoft%20365%20Business%3F%3C%2FP%3E%3CP%3EConditional%20Access%20policies%20and%20configurations%20available%20to%20Microsoft%20365%20Business%20subscribers%20are%20the%20same%20as%20those%20available%20to%20Azure%20Active%20Directory%20Premium%20P1%20subscribers.%3C%2FP%3E%3CP%3EThis%20includes%3A%3C%2FP%3EUser%20targeting%20based%20on%20username%2C%20group%20and%20role%20Per%20app%20targeting%20By%20location%20%E2%80%93%20only%20allow%20access%20from%20trusted%20IP%20ranges%20or%20specific%20countries%20By%20app%20type%20%E2%80%93%20browser%2C%20desktop%20%2F%20mobile%20apps%20using%20modern%20auth%20and%20legacy%20authentication%20Require%20MFA%20Require%20compliant%20or%20domain%20joined%20device%20Require%20apps%20using%20Intune%20app%20protection%20Custom%20authentication%20factors%20(custom%20controls)%20%E2%80%93%20MFA%20with%203rd%20party%20MFA%20providers%2C%20(e.g.%20DUO%20or%20RSA)%3CP%3E2.%26nbsp%3B%20Does%20this%20mean%20that%20Azure%20Active%20Directory%20Premium%20P1%20is%20now%20included%20in%20Microsoft%20365%20Business%3F%3C%2FP%3E%3CP%3ENo%2C%20Azure%20AD%20Premium%20P1%20(AADP%20P1)%20is%20not%20included%20in%20Microsoft%20365%20Business.%20Microsoft%20365%20Business%20subscribers%20are%20entitled%20to%20the%20AADP%20P1%20features%20most%20relevant%20to%20small%20and%20medium-sized%20businesses%3A%3C%2FP%3ESelf-service%20password%20reset%20for%20hybrid%20Azure%20Azure%20Multi-factor%20Authentication%20Conditional%20Access%3CP%3E3.%26nbsp%3B%20Is%20Conditional%20Access%20available%20to%20Office%20365%20Business%20Premium%20subscribers%3F%3C%2FP%3E%3CP%3ENo%2C%20Conditional%20Access%20is%20not%20available%20to%20Office%20365%20Business%20Premium%20subscribers%3B%20it%20is%20a%20Microsoft%20365%20Business%20entitlement.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E4.%26nbsp%3B%20When%20will%20Conditional%20Access%20be%20available%20to%20Microsoft%20365%20Business%20Subscribers%3F%3C%2FP%3E%3CP%3EConditional%20Access%20is%20already%20available%20for%20all%20Microsoft%20365%20Business%20subscribers.%20Customers%20can%20configure%20granular%20Conditional%20Access%20Policies%20via%20the%20Azure%20Active%20Directory%20Settings%20in%20the%20Azure%20Portal%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-684063%22%20slang%3D%22en-US%22%3E%3CP%3EToday%2C%20we%20are%20excited%20to%20announce%20the%20availability%20of%20Conditional%20Access%20for%20Microsoft%20365%20Business%20subscribers%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-SUB%20id%3D%22lingo-sub-691107%22%20slang%3D%22de-DE%22%3ESubject%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-691107%22%20slang%3D%22de-DE%22%3E%3CP%3EHelpful%20Very%3C%2FP%3E%3CP%3ETHANKS%20to%20Microsoft%26nbsp%3B%3C%2FP%3E%3CBLOCKQUOTE%3E%3CHR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F143016%22%20target%3D%22_blank%22%3E%40Ashanka%20Iddya%3C%2FA%3E%20wrote%3A%3CBR%20%2F%3E%3CP%3EOver%20the%20past%20several%20months%20you've%20told%20us%20that%20adding%20Conditional%20Access%20to%20Microsoft%20365%20Business%20would%20help%20it%20secure%20SMB%20customers%20more%20comprehensively.%20Today%2C%20we%20are%20excited%20to%20announce%20the%20availability%20of%20Conditional%20Access%20for%20Microsoft%20365%20Business%20subscribers%2C%20enabling%20small%20and%20medium-sized%20businesses%20to%20enforce%20granular%20control%20on%20how%20company%20resources%20are%20accessed.%20Conditional%20Access%20policies%20and%20configurations%20available%20to%20Microsoft%20365%20Business%20subscribers%20are%20the%20same%20as%20those%20available%20to%20Azure%20Active%20Directory%20Premium%20P1%20subscribers.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EWhy%20is%20Conditional%20Access%20important%3F%3C%2FSTRONG%3E%3CBR%20%2F%3E%20Are%20you%20that%20concerned%20employees%20at%20your%20company%20can%20access%20sensitive%20business%20data%20from%20mobile%20phones%20and%20personal%20or%20home%20devices%20that%20have%20no%20oversight%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAre%20you%20that%20concerned%20employees%20are%20downloading%20company%20data%20to%20personal%20apps%20and%20storage%20locations%20that%20cannot%20be%20wiped%20when%20they%20leave%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20want%20to%20ensure%20that%20employees%20can%20only%20access%20your%20network%20from%20certain%20locations%20and%20block%20access%20from%20other%20locations%3F%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EConditional%20Access%20helps%20you%20do%20exactly%20that!%20By%20configuring%20Conditional%20Access%20policies%20you%20can%20maintain%20control%20over%20how%20and%20where%20your%20company%20data%20is%20accessed%2C%20making%20your%20business%20more%20secure.%20You%20can%20define%20exact%20criteria%20for%20who%20can%20gain%20access%20and%20block%20those%20who%20don't%20meet%20the%20criteria.%20The%20criteria%20can%20be%20based%20on%20factors%20like%20the%20type%20of%20device%2C%20app%20and%20location.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EBenefits%20of%20Conditional%20Access%3C%2FSTRONG%3E%3CBR%20%2F%3E%20There%20was%20a%20time%20when%20it%20seemed%20like%20keeping%20business%20data%20behind%20a%20firewall%20in%20your%20office%20network%20and%20limiting%20access%20from%20the%20outside%20world%20was%20enough%20to%20protect%20your%20business.%20Today%2C%20company%20information%20is%20in%20the%20cloud%20and%20you%20need%20a%20way%20to%20provide%20employees%20with%20options%20to%20access%20it%20from%20a%20variety%20of%20locations%20and%20devices.%20Conditional%20Access%20%3CA%20href%3D%22http%3A%2F%2Faka.ms%2Fzerotrust%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Eenables%20Zero%20Trust%20security%3C%2FA%3E%20%2C%20helping%20you%20provide%20this%20access%20while%20maintaining%20control%20over%20%22where%2C%20when%20and%20who%22%20is%20connecting%20to%20your%20Office%20365%20environment%3B%20So%20you%20can%20protect%20company%20assets%20while%20also%20enabling%20employees%20to%20be%20productive%20anywhere.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EFor%20example%2C%20you%20can%20define%20a%20Conditional%20Access%20policy%20that%20evaluates%20sign-in%20connections%20from%20mobile%20devices%20to%20Exchange%20Online%2C%20and%20employees%20requires%20use%20Outlook%20for%20iOS%20and%20Android%20to%20successfully%20access%20their%20work%20email%20and%20calendar.%20This%20gives%20your%20organization%20the%20security%20and%20productivity%20advantages%20of%20an%20email%20and%20calendar%20app%20specifically%20built%20for%20the%20Office%20365%20cloud.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F117950i061451ADDF19AAE9%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22CA%20_%20Final.png%22%20title%3D%22CA_Final.png%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EFig%201.%20App-based%20conditional%20access%20policy%20for%20access%20to%20Exchange%20Online.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSTRONG%3EConditional%20Access%20and%20Azure%20Multi-Factor%20Authentication%3CSPAN%3E%3CBR%20%2F%3E%3C%2FSPAN%3E%20%3C%2FSTRONG%3E%20Microsoft%20365%20Business%20includes%20advanced%20Azure%20Multi-Factor%20Authentication%20(MFA)%20capabilities%20that%20you%20can%20configure%20together%20with%20Conditional%20Access%20policies%20in%20order%20to%20gain%20additional%20assurance%20that%20account%20logins%20are%20made%20by%20the%20account's%20legitimate%20owner.%20For%20example%2C%20you%20could%20create%20a%20single%20policy%20that%20requires%20MFA%20when%20someone%20accesses%20from%20a%20location%20that%20is%20not%20trusted%20(for%20example%2C%20a%20country%20in%20which%20you%20don't%20do%20business%20in).%20This%20way%2C%20a%20user%20signing%20in%20from%20a%20known%20location%20can%20still%20gain%20access%20company%20resources%20while%20a%20user%20signing%20in%20from%20an%20untrusted%20location%20will%20be%20required%20to%20verify%20their%20identity%20through%20MFA%20before%20getting%20access.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EEnabling%20Conditional%20Access%3CBR%20%2F%3E%20%3C%2FSTRONG%3E%20Microsoft%20365%20Business%20customers%20can%20enable%20Conditional%20Access%20via%20the%20Azure%20Directory%20settings%20in%20the%20Azure%20portal.%20For%20more%20information%20on%20how%20to%20configure%20Conditional%20Access%20policies%2C%20please%20see%20the%20article%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Factive-directory%2Fconditional-access%2Foverview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EWhat%20is%20Conditional%20Access%3C%2FA%3E.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EMicrosoft%20365%20Business%3A%20A%20comprehensive%20security%20solution%20for%20SMBs%3C%2FSTRONG%3E%3CBR%20%2F%3E%20With%20Microsoft%20365%20Business%2C%20you%20have%20access%20to%20a%20comprehensive%20security%20solution%20specifically%20designed%20and%20priced%20for%20organizations%20with%20less%20than%20300%20employees.%20Ever%20since%20the%20launch%20of%20Microsoft%20365%20Business%20in%20October%202017%2C%20we've%20been%20incorporating%20customer%20and%20partner%20feedback%20and%20evolving%20Microsoft%20365%20Business%20to%20meet%20the%20needs%20of%20a%20changing%20security%20landscape.%20For%20more%20information%20on%20the%20features%20available%20in%20Microsoft%20365%20Business%2C%20please%20refer%20to%20the%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fm365bsd%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMicrosoft%20365%20Business%20Service%20Description%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3E%3CSTRONG%3EFrequently%20Asked%20Questions%3A%3C%2FSTRONG%3E%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3E%3CSTRONG%3E1.%26nbsp%3B%20What%20features%20are%20included%20under%20Conditional%20Access%20in%20Microsoft%20365%20Business%3F%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3EConditional%20Access%20policies%20and%20configurations%20available%20to%20Microsoft%20365%20Business%20subscribers%20are%20the%20same%20as%20those%20available%20to%20Azure%20Active%20Directory%20Premium%20P1%20subscribers.%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3EThis%20includes%3A%3C%2FFONT%3E%3C%2FP%3E%3CUL%3E%3CLI%3E%3CFONT%20size%3D%222%22%3EUser%20targeting%20based%20on%20username%2C%20group%20and%20role%3C%2FFONT%3E%3C%2FLI%3E%3CLI%3E%3CFONT%20size%3D%222%22%3EBy%20app%20targeting%3C%2FFONT%3E%3C%2FLI%3E%3CLI%3E%3CFONT%20size%3D%222%22%3EBy%20location%20%E2%80%93%20only%20allow%20access%20from%20IP%20ranges%20or%20specific%20countries%3C%2FFONT%3E%3C%2FLI%3E%3CLI%3E%3CFONT%20size%3D%222%22%3EBy%20app%20type%20%E2%80%93%20browser%2C%20desktop%2Fmobile%20apps%20using%20modern%20auth%20and%20legacy%20authentication%3C%2FFONT%3E%3C%2FLI%3E%3CLI%3E%3CFONT%20size%3D%222%22%3ERequire%20MFA%3C%2FFONT%3E%3C%2FLI%3E%3CLI%3E%3CFONT%20size%3D%222%22%3ERequire%20compliant%20or%20domain%20joined%20device%3C%2FFONT%3E%3C%2FLI%3E%3CLI%3E%3CFONT%20size%3D%222%22%3ERequire%20apps%20using%20Intune%20app%20protection%3C%2FFONT%3E%3C%2FLI%3E%3CLI%3E%3CFONT%20size%3D%222%22%3ECustom%20authentication%20factors%20(custom%20controls)%20%E2%80%93%20MFA%20with%203rd%20party%20MFA%20providers%2C%20(e.g.%20DUO%20or%20RSA)%3C%2FFONT%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%3CFONT%20size%3D%222%22%3E%3CSTRONG%3E2.%26nbsp%3B%20Does%20this%20mean%20that%20Azure%20Active%20Directory%20Premium%20P1%20is%20now%20included%20in%20Microsoft%20365%20Business%3F%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3ENo%2C%20Azure%20AD%20Premium%20P1%20(AADP%20P1)%20is%20not%20included%20in%20Microsoft%20365%20Business.%20Microsoft%20365%20Business%20subscribers%20are%20entitled%20to%20the%20AADP%20P1%20features%20most%20relevant%20to%20small%20and%20medium-sized%20businesses%3A%3C%2FFONT%3E%3C%2FP%3E%3CUL%3E%3CLI%3E%3CFONT%20size%3D%222%22%3ESelf-service%20password%20reset%20for%20hybrid%20Azure%3C%2FFONT%3E%3C%2FLI%3E%3CLI%3E%3CFONT%20size%3D%222%22%3EAzure%20Multi-factor%20Authentication%3C%2FFONT%3E%3C%2FLI%3E%3CLI%3E%3CFONT%20size%3D%222%22%3EConditional%20Access%3C%2FFONT%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%3CFONT%20size%3D%222%22%3E%3CSTRONG%3E3.%26nbsp%3B%20Is%20Conditional%20Access%20available%20to%20Office%20365%20Business%20Premium%20subscribers%3F%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3ENo%2C%20Conditional%20Access%20is%20not%20available%20to%20Office%20365%20Business%20Premium%20subscribers%3B%20It%20is%20a%20Microsoft%20365%20Business%20entitlement.%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3E%3CFONT%20size%3D%222%22%3E4th%3CFONT%3E.%26nbsp%3B%20When%20will%20Conditional%20Access%20be%20available%20to%20Microsoft%20365%20Business%20Subscribers%3F%3C%2FFONT%3E%3C%2FFONT%3E%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3EConditional%20Access%20is%20already%20available%20for%20all%20Microsoft%20365%20Business%20subscribers.%20Customers%20can%20configure%20granular%20Conditional%20Access%20Policies%20via%20the%20Azure%20Active%20Directory%20Settings%20in%20the%20Azure%20Portal%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CHR%20%2F%3E%3C%2FBLOCKQUOTE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-691496%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-691496%22%20slang%3D%22en-US%22%3EDoes%20this%20mean%20Microsoft%20365%20now%20includes%20the%20%22MDM%20auto-enrollment%2C%20Self-Service%20BitLocker%20recovery%2C%20Additional%20local%20administrators%20to%20Windows%2010%20devices%20via%20Azure%20AD%20Join%2C%20Enterprise%20State%20Roaming%22%20and%20%22Advanced%20group%20features%3F%22%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-691518%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-691518%22%20slang%3D%22en-US%22%3E%3CP%3EAwesome%20news!%20This%20will%20really%20help%20our%20small%20businesses%20better%20meet%20compliance%20and%20security%20requirements.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-691519%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-691519%22%20slang%3D%22en-US%22%3E%3CP%3EAll%20of%20the%20details%20are%20here%20%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fservicedescriptions%2Fmicrosoft-365-business-service-description%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fservicedescriptions%2Fmicrosoft-365-business-service-description%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBitlocker%20and%20Auto%20Enrollment%20have%20been%20there%20for%20a%20long%20time%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-691945%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-691945%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20a%20massive%20addition.%20Great%20news.%20I%20think%20the%20last%20piece%20of%20the%20puzzle%20for%20me%20would%20by%20Dynamic%20Groups.%20Makes%20Intune%20auto-enrolment%2C%20polices%20etc%20fully%20automated%20as%20the%20device%20automatically%20goes%20in%20to%20the%20relevant%20groups%20as%20soon%20as%20it%20is%20synced%20to%20AAD.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-692420%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-692420%22%20slang%3D%22en-US%22%3E%3CP%3EGreat%20news%20-%20Any%20chance%20of%20making%20Microsoft%20365%20Business%20licence%20available%20for%20IUR%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-698830%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-698830%22%20slang%3D%22en-US%22%3E%3CP%3EGreat%20news%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-714108%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-714108%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20any%20document%20that%20highlights%20what%20parts%20of%20AADP1%20are%20*not*%20included%20in%20M365B%3F%26nbsp%3B%20Conditional%20access%20is%20awesome%20but%20wondering%20if%20trusted%20IP's%20are%20also%20included%3F%26nbsp%3B%20A%20table%20comparing%20what's%20in%2Fout%20would%20be%20awesome.%26nbsp%3B%20Thank%20you!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-714302%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-714302%22%20slang%3D%22en-US%22%3E%3CP%3ENamed%20Locations%20aka%20IP%20Ranges%20are%20a%20part%20of%20the%20Conditional%20Access%20feature.%20You%20shouldn't%20define%20locations%20or%20ip%20adresses%20anywhere%20else%20anyways%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F85791%22%20target%3D%22_blank%22%3E%40David%20Wanderer%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-714441%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-714441%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F17492%22%20target%3D%22_blank%22%3E%40Jan%20Ketil%20Skanke%3C%2FA%3E%2C%20I%20usually%20define%20IP's%20in%20MFA%2Fservice%20settings%20so%20users%20on%20site%20(in%20most%20situations)%20won't%20get%20prompted%20for%20MFA.%26nbsp%3B%20Is%20there%20another%20way%20I%20should%20be%20doing%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-714475%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-714475%22%20slang%3D%22en-US%22%3E%3CP%20dir%3D%22ltr%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F85791%22%20target%3D%22_blank%22%3E%40David%20Wanderer%3C%2FA%3E%26nbsp%3Byes%20it%20is.%20I%20recommend%20you%20use%20Named%20Locations%20under%20Conditional%20Access%26nbsp%3B%3C%2FP%3E%0A%3CP%20dir%3D%22ltr%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20dir%3D%22ltr%22%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-763075%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-763075%22%20slang%3D%22en-US%22%3E%3CP%3Ethe%20link%20to%20the%20Business%20Service%20Descriptions%20doesn't%20work.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-763712%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-763712%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F378414%22%20target%3D%22_blank%22%3E%40markahodges%3C%2FA%3E%26nbsp%3B%2C%20I%20see%20you%20had%20expressed%20some%20confusion%20as%20to%20what%20the%20differences%20are%20between%20Office%20365%20Business%20Premium%20and%20Microsoft%20365%20Business%20(latter%20being%20more%20inclusive%2Fmore%20products%20and%20functionality).%20I%20have%20a%20free%20%3CA%20href%3D%22https%3A%2F%2Fwww.itpromentor.com%2F365-licensing-guide%2F%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Elicensing%20guide%20available%3C%2FA%3Ethat%20is%20probably%20simpler%20than%20anything%20published%20by%20Microsoft.%20But%20the%20official%20%22service%20description%22%20for%20Microsoft%20365%20Business%2C%20which%20includes%20a%20comparison%20of%20features%20to%20Office%20365%20Business%20Premium%20is%20also%20available%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fservicedescriptions%2Fmicrosoft-365-service-descriptions%2Fmicrosoft-365-business-service-description%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Efrom%20Microsoft%3C%2FA%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-763755%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-763755%22%20slang%3D%22en-US%22%3E%3CP%3EAfter%20I%20posted%20it%20I%20realized%20I%20was%20confusing%20the%202%20options%2C%20but%20I%20still%20need%20to%20read%20your%20guide.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20info%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-724596%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20is%20now%20part%20of%20Microsoft%20365%20Business!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-724596%22%20slang%3D%22en-US%22%3E%3CP%3EI%20cannot%20get%20Azure%20MFA%20NPS%20Extension%20to%20work%20with%20a%20tenant%20only%20having%20Microsoft%20365%20Business%20licenses%20assigned.%3C%2FP%3E%3CP%3EPowershell%20script%20throws%20error%20%22New-MsolServicePrincipalCredential%20%3A%20Service%20principal%20was%20not%20found.%22%20which%20is%20normally%20because%20the%20tenant%20has%20no%20Azure%20AD%20Premium%20licenses%20assigned.%3C%2FP%3E%3CP%3ESo%20doesn't%20%22Microsoft%20365%20Business%22%20licences%20include%20support%20for%20Azure%20MFA%20NPS%20Extension%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Microsoft

Over the past several months you’ve told us that adding Conditional Access to Microsoft 365 Business would help it secure SMB customers more comprehensively. Today, we are excited to announce the availability of Conditional Access for Microsoft 365 Business subscribers, enabling small and medium-sized businesses to enforce granular control on how company resources are accessed. Conditional Access policies and configurations available to Microsoft 365 Business subscribers are the same as those available to Azure Active Directory Premium P1 subscribers.

 

Why is Conditional Access important?
Are you concerned that employees at your company can access sensitive business data from mobile phones and personal or home devices that have no oversight?

 

Are you concerned that employees are downloading company data to personal apps and storage locations that cannot be wiped when they leave?

 

Do you want to ensure that employees can only access your network from certain locations and block access from other locations?

Conditional Access helps you do exactly that! By configuring Conditional Access policies you can maintain control over how and where your company data is accessed, making your business more secure. You can define exact criteria for who can gain access and block those who don't meet the criteria. The criteria can be based on factors like the type of device, app and location.

 

Benefits of Conditional Access
There was a time when it seemed like keeping business data behind a firewall in your office network and limiting access from the outside world was enough to protect your business. Today, company information is in the cloud and you need a way to provide employees with options to access it from a variety of locations and devices. Conditional Access enables Zero Trust security, helping you provide this access while maintaining control over “where, when and who” is connecting to your Office 365 environment; so you can protect company assets while also enabling employees to be productive from anywhere.

For example, you can define a Conditional Access policy that evaluates sign-in connections from mobile devices to Exchange Online, and requires employees use Outlook for iOS and Android to successfully access their work email and calendar. This gives your organization the security and productivity advantages of an email and calendar app built specifically for the Office 365 cloud. 

 

CA_Final.pngFig 1. App-based conditional access policy for access to Exchange Online.

Conditional Access and Azure Multi-Factor Authentication
Microsoft 365 Business includes advanced Azure Multi-Factor Authentication (MFA) capabilities that you can configure together with Conditional Access policies in order to gain additional assurance that account logins are made by the account’s legitimate owner. For example, you could create a single policy that requires MFA when someone accesses from a location that is not trusted (for example, a country in which you don't do business in). This way, a user signing in from a known location can still gain access to company resources while a user signing in from an untrusted location will be required to verify their identity through MFA before getting access.

 

Enabling Conditional Access
Microsoft 365 Business customers can enable Conditional Access via the Azure Directory settings in the Azure portal. For more information on how to configure Conditional Access policies, please see the article What is Conditional Access.

 

Microsoft 365 Business: A comprehensive security solution for SMBs
With Microsoft 365 Business, you have access to a comprehensive security solution specifically designed and priced for organizations with less than 300 employees. Ever since the launch of Microsoft 365 Business in October 2017, we’ve been incorporating customer and partner feedback and evolving Microsoft 365 Business to meet the needs of a changing security landscape. For more information on the features available in Microsoft 365 Business, please refer to the Microsoft 365 Business Service Description

 

Frequently Asked Questions:

1.  What features are included under Conditional Access in Microsoft 365 Business?

Conditional Access policies and configurations available to Microsoft 365 Business subscribers are the same as those available to Azure Active Directory Premium P1 subscribers.

This includes:

  • User targeting based on username, group and role
  • Per app targeting
  • By location – only allow access from trusted IP ranges or specific countries
  • By app type – browser, desktop / mobile apps using modern auth and legacy authentication
  • Require MFA
  • Require compliant or domain joined device
  • Require apps using Intune app protection
  • Custom authentication factors (custom controls) – MFA with 3rd party MFA providers, (e.g. DUO or RSA)

2.  Does this mean that Azure Active Directory Premium P1 is now included in Microsoft 365 Business?

No, Azure AD Premium P1 (AADP P1) is not included in Microsoft 365 Business. Microsoft 365 Business subscribers are entitled to the AADP P1 features most relevant to small and medium-sized businesses:

  • Self-service password reset for hybrid Azure
  • Azure Multi-factor Authentication
  • Conditional Access

3.  Is Conditional Access available to Office 365 Business Premium subscribers?

No, Conditional Access is not available to Office 365 Business Premium subscribers; it is a Microsoft 365 Business entitlement.

 

4.  When will Conditional Access be available to Microsoft 365 Business Subscribers?

Conditional Access is already available for all Microsoft 365 Business subscribers. Customers can configure granular Conditional Access Policies via the Azure Active Directory Settings in the Azure Portal

 

25 Comments

I just have to say, this is one of the best news for Microsoft 365 Business ever. Finally this SKU is something we can truly sell with confidence to anyone within the space below 300 seats. Thank you. 

This is really huge improvement! I have a lot of customer which this announcement make them happy. Thanks. :thumbs_up:

Occasional Contributor

This quite literally made my day. Thank you again Ashanka, your dedication to this product and going to bat for the SMB is very much appreciated. I am going to throw a party, I think...

Occasional Contributor

Outstanding news! 

Regular Visitor

Smiley Happy This is very good news! This "package" will be a Hit this year among the solution for SMB market. 

Great News!!! 

A game changer in security for Small and Medium Business space. 

Occasional Contributor

Now please add GPO capability to the Office that comes with M365B, that would be smashing.

Occasional Contributor

@WelshWizard, what features from GPO are you wanting? Anything in particular that you can’t achieve with Intune? Note that GPO’s apply specifically to ProPlus, but Intune can be used to deploy and manipulate several settings in Office, including Business edition.

New Contributor

Fantastic news and really makes this SKU a easy choice for most SMBs. Thanks!

Occasional Visitor

Does that include the GCC license platforms?

Established Member

Very helpful

THANKS to Microsoft 


@Ashanka Iddya  schrieb:

Over the past several months you’ve told us that adding Conditional Access to Microsoft 365 Business would help it secure SMB customers more comprehensively. Today, we are excited to announce the availability of Conditional Access for Microsoft 365 Business subscribers, enabling small and medium-sized businesses to enforce granular control on how company resources are accessed. Conditional Access policies and configurations available to Microsoft 365 Business subscribers are the same as those available to Azure Active Directory Premium P1 subscribers.

 

Why is Conditional Access important?
Are you concerned that employees at your company can access sensitive business data from mobile phones and personal or home devices that have no oversight?

 

Are you concerned that employees are downloading company data to personal apps and storage locations that cannot be wiped when they leave?

 

Do you want to ensure that employees can only access your network from certain locations and block access from other locations?

Conditional Access helps you do exactly that! By configuring Conditional Access policies you can maintain control over how and where your company data is accessed, making your business more secure. You can define exact criteria for who can gain access and block those who don't meet the criteria. The criteria can be based on factors like the type of device, app and location.

 

Benefits of Conditional Access
There was a time when it seemed like keeping business data behind a firewall in your office network and limiting access from the outside world was enough to protect your business. Today, company information is in the cloud and you need a way to provide employees with options to access it from a variety of locations and devices. Conditional Access enables Zero Trust security, helping you provide this access while maintaining control over “where, when and who” is connecting to your Office 365 environment; so you can protect company assets while also enabling employees to be productive from anywhere.

For example, you can define a Conditional Access policy that evaluates sign-in connections from mobile devices to Exchange Online, and requires employees use Outlook for iOS and Android to successfully access their work email and calendar. This gives your organization the security and productivity advantages of an email and calendar app built specifically for the Office 365 cloud. 

 

CA_Final.pngFig 1. App-based conditional access policy for access to Exchange Online.

Conditional Access and Azure Multi-Factor Authentication
Microsoft 365 Business includes advanced Azure Multi-Factor Authentication (MFA) capabilities that you can configure together with Conditional Access policies in order to gain additional assurance that account logins are made by the account’s legitimate owner. For example, you could create a single policy that requires MFA when someone accesses from a location that is not trusted (for example, a country in which you don't do business in). This way, a user signing in from a known location can still gain access to company resources while a user signing in from an untrusted location will be required to verify their identity through MFA before getting access.

 

Enabling Conditional Access
Microsoft 365 Business customers can enable Conditional Access via the Azure Directory settings in the Azure portal. For more information on how to configure Conditional Access policies, please see the article What is Conditional Access.

 

Microsoft 365 Business: A comprehensive security solution for SMBs
With Microsoft 365 Business, you have access to a comprehensive security solution specifically designed and priced for organizations with less than 300 employees. Ever since the launch of Microsoft 365 Business in October 2017, we’ve been incorporating customer and partner feedback and evolving Microsoft 365 Business to meet the needs of a changing security landscape. For more information on the features available in Microsoft 365 Business, please refer to the Microsoft 365 Business Service Description

 

Frequently Asked Questions:

1.  What features are included under Conditional Access in Microsoft 365 Business?

Conditional Access policies and configurations available to Microsoft 365 Business subscribers are the same as those available to Azure Active Directory Premium P1 subscribers.

This includes:

  • User targeting based on username, group and role
  • Per app targeting
  • By location – only allow access from trusted IP ranges or specific countries
  • By app type – browser, desktop / mobile apps using modern auth and legacy authentication
  • Require MFA
  • Require compliant or domain joined device
  • Require apps using Intune app protection
  • Custom authentication factors (custom controls) – MFA with 3rd party MFA providers, (e.g. DUO or RSA)

2.  Does this mean that Azure Active Directory Premium P1 is now included in Microsoft 365 Business?

No, Azure AD Premium P1 (AADP P1) is not included in Microsoft 365 Business. Microsoft 365 Business subscribers are entitled to the AADP P1 features most relevant to small and medium-sized businesses:

  • Self-service password reset for hybrid Azure
  • Azure Multi-factor Authentication
  • Conditional Access

3.  Is Conditional Access available to Office 365 Business Premium subscribers?

No, Conditional Access is not available to Office 365 Business Premium subscribers; it is a Microsoft 365 Business entitlement.

 

4.  When will Conditional Access be available to Microsoft 365 Business Subscribers?

Conditional Access is already available for all Microsoft 365 Business subscribers. Customers can configure granular Conditional Access Policies via the Azure Active Directory Settings in the Azure Portal

 


 

Occasional Visitor
Does this mean Microsoft 365 now includes the "MDM auto-enrollment, Self-Service BitLocker recovery, Additional local administrators to Windows 10 devices via Azure AD Join, Enterprise State Roaming" and "Advanced group features?"
Occasional Contributor

Awesome news! This will really help our small businesses better meet compliance and security requirements.

All of the details are here :

 

https://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-business-service-descri...

 

Bitlocker and Auto Enrollment have been there for a long time 

 

Regular Visitor

This is a massive addition. Great news. I think the last piece of the puzzle for me would by Dynamic Groups. Makes Intune auto-enrolment, polices etc fully automated as the device automatically goes in to the relevant groups as soon as it is synced to AAD.

New Contributor

Great news - Any chance of making Microsoft 365 Business licence available for IUR ?

 

 

Visitor

Great news :)

Occasional Contributor

Is there any document that highlights what parts of AADP1 are *not* included in M365B?  Conditional access is awesome but wondering if trusted IP's are also included?  A table comparing what's in/out would be awesome.  Thank you!

Named Locations aka IP Ranges are a part of the Conditional Access feature. You shouldn't define locations or ip adresses anywhere else anyways @David Wanderer 

Occasional Contributor

@Jan Ketil Skanke, I usually define IP's in MFA/service settings so users on site (in most situations) won't get prompted for MFA.  Is there another way I should be doing this?

@David Wanderer yes it is. I recommend you use Named Locations under Conditional Access 

 

 

Regular Visitor

I cannot get Azure MFA NPS Extension to work with a tenant only having Microsoft 365 Business licenses assigned.

Powershell script throws error "New-MsolServicePrincipalCredential : Service principal was not found." which is normally because the tenant has no Azure AD Premium licenses assigned.

So doesn't "Microsoft 365 Business" licences include support for Azure MFA NPS Extension?

Visitor

the link to the Business Service Descriptions doesn't work.

 

Occasional Contributor

Hi @markahodges , I see you had expressed some confusion as to what the differences are between Office 365 Business Premium and Microsoft 365 Business (latter being more inclusive/more products and functionality). I have a free licensing guide available that is probably simpler than anything published by Microsoft. But the official "service description" for Microsoft 365 Business, which includes a comparison of features to Office 365 Business Premium is also available from Microsoft.

Visitor

After I posted it I realized I was confusing the 2 options, but I still need to read your guide.

 

Thanks for info