cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Azure AD conditional Access.

Deleted
Not applicable

‎Oct 18 2017 01:05 PM

‎Oct 18 2017 01:05 PM

Azure AD conditional Access.

Hi All,

I was looking for some insights on how large enterprises handle this situation.

Assuming you have IP based restrictions for SharePoint Online OR Conditional access where you created a named location with a set of IPS.
In a scenarios where on the network infrastructure is changed or updated/ new sites added/ circuits changed, how do large enterprises deal with handling this change?

For a large enterprise you could have multiple locations and a complex network, is there a best approach to handle change in the IPs so that users don't get locked out of Office 365?

 

Thanks,

Priyank

1,407 Views
0 Likes
1 Reply
Reply
1 Reply
best response
Paul Cunningham

‎Oct 22 2017 11:28 PM - edited ‎Oct 24 2017 01:20 AM

‎Oct 22 2017 11:28 PM - edited ‎Oct 24 2017 01:20 AM

Solution

Re: Azure AD conditional Access.

If you're doing IP-based restrictions, then this becomes a change management issue. Before new IP ranges are added, or existing IP ranges are removed, you should include in your planning the steps to update your conditional access rules.

 

If IP-based restrictions are becoming unmanageable for you, consider moving to managed vs unmanaged device policies in conditional access instead. That way you aren't trusting networks (all networks should be untrusted these days), and you're focusing on securing identities and endpoints (devices) instead.

 

Here is a blog post on the topic if you're interested: https://practical365.com/security/azure-active-directory-conditional-access-enforce-multi-factor-aut...

0 Likes
Reply
1 best response

Accepted Solutions
best response
Paul Cunningham

‎Oct 22 2017 11:28 PM - edited ‎Oct 24 2017 01:20 AM

‎Oct 22 2017 11:28 PM - edited ‎Oct 24 2017 01:20 AM

Solution

Re: Azure AD conditional Access.

If you're doing IP-based restrictions, then this becomes a change management issue. Before new IP ranges are added, or existing IP ranges are removed, you should include in your planning the steps to update your conditional access rules.

 

If IP-based restrictions are becoming unmanageable for you, consider moving to managed vs unmanaged device policies in conditional access instead. That way you aren't trusting networks (all networks should be untrusted these days), and you're focusing on securing identities and endpoints (devices) instead.

 

Here is a blog post on the topic if you're interested: https://practical365.com/security/azure-active-directory-conditional-access-enforce-multi-factor-aut...

View solution in original post

0 Likes
Reply