Once a policy is configured, it will be automatically applied when a user attempts to sign into an application. For example, let's say a if an admin has configured a conditional access policy requiring MFA for Exchange Online. When the user goes to the Office 365 portal, they will be seamlessly signed in:
But when they click on the "Mail" tile to access their email, the user will be challenged to complete an MFA challenge:
The MFA and Network Location policies are applied across all devices. For example, admins can create a Conditional Access policy for SharePoint that requires users to be on their corporate network to access the service. If a user tries to access SharePoint from outside their iPhone when they are off of the corporate network their authorization fails and they get blocked like this:
And best of all, conditional access works for browser apps, rich client apps, phone apps and even on-premises apps being accessed using our Azure AD Application Proxy! Teams across Microsoft have worked together on Conditional Access and to enable these policies across all the apps and services listed here . Most notably, per-app access can be set on the following services:
Conditional access gave us the ability to deliver a positive user experience while providing a secure solution tightly integrated with our existing Microsoft platform Office 365, Azure Application Proxy, and Azure AD SaaS applications
Using Azure AD conditional access policy for Onedrive, SharePoint and Exchange online, we were able to adopt Office 365, while protecting critical company data, choosing which groups of users would have access to which applications and from which locations
Conditional access gave Microsoft IT the granularity we needed to tightly control our rollout of MFA for email. Being able to tightly coordinate the technical deployment with our internal communication/education program was key to delivering a great user experience and more security.
- Microsoft ITWe love to see the value this is bringing to organizations, and are excited to make it available to all our customers!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.