cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

AAD Conditional Access policies vs Control Access RBAC

f0cus_13
Copper Contributor

‎Oct 22 2021 12:39 AM - edited ‎Oct 22 2021 12:41 AM

‎Oct 22 2021 12:39 AM - edited ‎Oct 22 2021 12:41 AM

AAD Conditional Access policies vs Control Access RBAC

Hi community.

Could someone explain me the difference between Conditional Access and Control Access RBAC policies?

If I understood, with conditional access I configure how a user (internal/external) could login in Azure environment and/or Apps, for example by enabling the MFA or geographical location, and so on.

Instead, with conditional access (RBAC) policies I could specify what users/groups (internals/externals) can do: for example I can enable read only privileges for a group for Azure vNet access, or admin privileges for Azure Sentinel.

Is it correct?

 

Thank you all

5,220 Views
1 Like
1 Reply
Reply
1 Reply
best response confirmed by f0cus_13 (Copper Contributor)
Markus Lintuala

‎Oct 22 2021 02:25 AM - last edited on ‎Nov 09 2023 12:26 AM by

‎Oct 22 2021 02:25 AM - last edited on ‎Nov 09 2023 12:26 AM by

Solution

Re: AAD Conditional Access policies vs Control Access RBAC

Hi @f0cus_13,


You are right. Azure and Azure AD are mixed to each other every now and then. Azure AD is a directory with users, groups, devices, applications and etc. It has for example capabilities to manage user access to different applications as Azure Management or Office 365 applications with Conditional Access policies. If we think access control overall this affects to the authentication part of access process.

 

Azure RBAC is Azure's capability to make more granual access control to resources, resource groups, subscriptions etc. Azure RBAC connects Azure AD users (who has access) to roles (what access they have) to the scope (where they have access to). If we think access control overall this affects to the authorization part of access process.

 

For your case you can give access to VNET or Sentinel with Azure RBAC, not with Conditional Access. You can require MFA or managed device or whatever from user to access to application Azure Management with Conditional Access. 

 

/Markus

1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by f0cus_13 (Copper Contributor)
Markus Lintuala

‎Oct 22 2021 02:25 AM - last edited on ‎Nov 09 2023 12:26 AM by

‎Oct 22 2021 02:25 AM - last edited on ‎Nov 09 2023 12:26 AM by

Solution

Re: AAD Conditional Access policies vs Control Access RBAC

Hi @f0cus_13,


You are right. Azure and Azure AD are mixed to each other every now and then. Azure AD is a directory with users, groups, devices, applications and etc. It has for example capabilities to manage user access to different applications as Azure Management or Office 365 applications with Conditional Access policies. If we think access control overall this affects to the authentication part of access process.

 

Azure RBAC is Azure's capability to make more granual access control to resources, resource groups, subscriptions etc. Azure RBAC connects Azure AD users (who has access) to roles (what access they have) to the scope (where they have access to). If we think access control overall this affects to the authorization part of access process.

 

For your case you can give access to VNET or Sentinel with Azure RBAC, not with Conditional Access. You can require MFA or managed device or whatever from user to access to application Azure Management with Conditional Access. 

 

/Markus

View solution in original post

1 Like
Reply