cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure AD Conditional Access Policies Add Check for External User Types

Tony Redmond
MVP

‎Oct 27 2022 01:19 AM

‎Oct 27 2022 01:19 AM

Azure AD Conditional Access Policies Add Check for External User Types

 

Azure AD conditional access policies can exert fine-grained control over the type of external users who can connect and what tenants they belong to. The new capability works especially well alongside Azure B2B Collaboration (guest users) and Azure B2B Direct Connect (used by Teams shared channels). It’s yet another way to impose control over who you allow to connect to your tenant.

https://office365itpros.com/2022/10/27/conditional-access-policy-external/

Labels:
997 Views
0 Likes
3 Replies
Reply
3 Replies
ChristianJBergstrom

‎Oct 27 2022 02:52 AM

‎Oct 27 2022 02:52 AM

Re: Azure AD Conditional Access Policies Add Check for External User Types

You don't happen to know where we could find more information when it comes to Direct Connect users and this preview? Did some searching but didn't find the details I'm looking for. As the "shared channels" users don't get at presence (account) in the resource org., we've been presented with the three trust settings in External Identities in AAD for conditional access using the host orgs; 1) claims for MFA, 2) complaint devices and 3) hybrid Azure AD joined. I had to try some other settings and they are not being enforced even though you can complete those policies without being prompted. Perhaps a no brainer here but people not familiar with the trust settings could be confused as why their policies doesn't work.
0 Likes
Reply
Tony Redmond

‎Oct 27 2022 08:48 AM

‎Oct 27 2022 08:48 AM

Re: Azure AD Conditional Access Policies Add Check for External User Types

Direct connect users are not guests in your tenant, so looking up presence requires a cross-tenant query. I don't believe that this is covered by the access policy, and I can imagine that some people would be unhappy to expose their presence to people in another tenant where they share a channel.
0 Likes
Reply
ChristianJBergstrom

‎Oct 27 2022 09:50 AM - edited ‎Oct 27 2022 10:01 AM

‎Oct 27 2022 09:50 AM - edited ‎Oct 27 2022 10:01 AM

Re: Azure AD Conditional Access Policies Add Check for External User Types

Agreed. Simply miss clarification in the docs (not for myself) but as it’s in preview I imagine it will be published going forward.

0 Likes
Reply