The “Top 10 actions to secure your environment” series outlines fundamental steps you can take with your investment in Microsoft 365 security solutions. In “Step 4. Set conditional access policies,” you’ll learn how to control access to your apps and corporate resources using conditional access policies, and how these policies can block legacy authentication methods and control access to SaaS apps.
In today’s workplace, users can work from anywhere, on any device, whether they are using a company-provided laptop at the office, working from home, traveling for business, or using a personal mobile phone. And they expect to seamlessly access what they need to get work done. While the need for productivity may not change with circumstances, the level of risk of each sign-in does. It is critical to safeguard your identities, but it is not enough. You also need flexible security policies that are responsive to conditions. Azure AD conditional access lets you apply security policies that are triggered automatically when certain conditions are met. You can block access if the data suggests the user has been compromised or if it’s highly unlikely that the user would sign in under those conditions. You can enforce additional authentication requirements when the system detects a medium risk based on the sign-in conditions.
I had written an extensive blog on creating conditional access policies based on scenarios. It was written with a MAM-based shop in mind rather than an MDM-based one, as we want to promote BYOD policies and do not want to control end-user devices. Protection of company data was the only interest we had. To achieve this, we created free public WiFi for our staff, as there is no way to push certs with a MAM-only policy.
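The risk-based behaviour described above (block legacy authentication, require additional authentication at medium sign-in risk, block at high risk) is sketched below as an added example; it is not code from the original post or from Microsoft. The policy bodies follow the shape of the Microsoft Graph `conditionalAccessPolicy` resource, while the display names, the sample sign-ins and the `evaluate` helper are assumptions that model the matching logic in simplified form.

```python
import json

# Policy bodies in the shape of the Microsoft Graph conditionalAccessPolicy resource.
# Display names are constructed; state is report-only so nothing is enforced on import.
def policy(name, conditions, control):
    base = {"users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": ["All"]}}
    return {"displayName": name,
            "state": "enabledForReportingButNotEnforced",
            "conditions": {**base, **conditions},
            "grantControls": {"operator": "OR", "builtInControls": [control]}}

POLICIES = [
    policy("Block legacy authentication",
           {"clientAppTypes": ["exchangeActiveSync", "other"]}, "block"),
    policy("Require MFA on medium sign-in risk",
           {"signInRiskLevels": ["medium"]}, "mfa"),
    policy("Block high sign-in risk",
           {"signInRiskLevels": ["high"]}, "block"),
]

def applies(p, sign_in):
    """Simplified matching: a condition absent from the policy matches everything."""
    c = p["conditions"]
    app_ok = sign_in["clientAppType"] in c.get("clientAppTypes", [sign_in["clientAppType"]])
    risk_ok = sign_in["riskLevel"] in c.get("signInRiskLevels", [sign_in["riskLevel"]])
    return app_ok and risk_ok

def evaluate(sign_in, policies=POLICIES):
    """Return 'block', 'mfa' or 'allow'. Every matching policy applies and block wins."""
    controls = {ctl for p in policies if applies(p, sign_in)
                for ctl in p["grantControls"]["builtInControls"]}
    if "block" in controls:
        return "block"
    return "mfa" if "mfa" in controls else "allow"

# Constructed sign-ins (not real log data).
SAMPLES = [
    {"user": "alice", "clientAppType": "browser", "riskLevel": "none"},
    {"user": "bob", "clientAppType": "mobileAppsAndDesktopClients", "riskLevel": "medium"},
    {"user": "carol", "clientAppType": "browser", "riskLevel": "high"},
    {"user": "dave", "clientAppType": "other", "riskLevel": "none"},
    {"user": "erin", "clientAppType": "other", "riskLevel": "medium"},
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f'{s["user"]:6} {s["clientAppType"]:28} {s["riskLevel"]:7} -> {evaluate(s)}')
    print(json.dumps(POLICIES[0], indent=2))
```

The last sample shows why policy order does not matter: a legacy-protocol sign-in at medium risk matches both the MFA policy and the legacy-auth block, and the block takes precedence.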