Hi,
I’m delighted to announce the general availability of Conditional Access for Protected Actions! This powerful feature empowers organizations to safeguard critical administrative operations with Conditional Access policies.
Protected actions refer to high-stakes operations that carry significant risk, such as altering Conditional Access policies, adding credentials to an application, or changing federation trust settings. These actions, if executed by a malicious actor, can severely compromise your organization's security posture.
I've asked Swetha Rai, a Senior Product Manager on the Identity team, to tell you more. Let us know what you think!
Nitika Gupta
Group Product Manager, Identity Security
__________________________________________________________________________________________________________________________________________________
Hi,
My name is Swetha, and I’m a product manager on the Identity team focused on Conditional Access (CA). Today, I’m excited to share more about the Conditional Access for protected actions feature that is now generally available.
With Conditional Access for protected actions, organizations can now add an extra layer of protection to these sensitive operations by defining granular policies that specify the conditions under which users can perform protected actions. For example, organizations can require administrators to complete phishing-resistant multi-factor authentication (MFA), use a compliant device, or be in a trusted location before modifying a Conditional Access policy. This way, even if an attacker gains access to an admin account, they won't be able to perform high-risk actions without meeting the additional security criteria. Here are some examples of policies for protected actions:
We’re continuing to add support for more protected actions based on customer feedback. Today, you can protect the following areas:
Protected Actions on the roadmap:
We encourage you to explore this powerful feature and let us know what you think!
Learn more about Microsoft Entra: