Updates to Azure AD Terms of Use functionality within conditional access
Published Dec 10 2018 09:00 AM 13.7K Views

Howdy folks,

 

Today, I am excited to announce the release of two new features for Azure Active Directory (Azure AD) Terms of Use that provide more granular reports and flexibility with Terms of Use scheduling. Previously, users only had to consent to a Terms of Use once. Based on feedback from our customers, you now have the option to require each user to consent on each device. We also added support to expire consents on a regular schedule.

 

I’m also pleased to introduce new Terms of Use scenarios for B2B guests, Azure Information Protection, and Microsoft Intune. These features are now in public preview for Azure AD Premium customers. Read on for details on both our new features and these scenarios.

 

Require each user to consent on each device

Previously, each user only had to consent to a Terms of Use one time. We heard feedback that the current report—showing which user consent to which Terms of Use and when—was not sufficient and that more granularity for HBI resources was needed. Going forward, you can require each user to consent on each device.

 

Terms of Use showing new consent option.Terms of Use showing new consent option.

Terms of Use consents for device.Terms of Use consents for device.

Expire consents on a regular schedule

For customers who have a compliance requirement or regulation requiring users to consent to a Terms of Use on a recurring basis, we added support to expire consents on a regular schedule. Now, you can configure consents to expire on a per user schedule and/or a per Terms of Use schedule.

 

New Terms of Use schedule option.New Terms of Use schedule option.

Terms of Use consents.Terms of Use consents.

 

New scenarios for B2B guests, Azure Information Protection, and Intune

We also added three new scenarios of Azure AD Terms of Use:

  • Terms of Use for B2B guests—Most organizations have a process in place (whether it’s good or bad) for their employees to consent to their organization's terms of use and privacy statements. But how can you enforce the same consents for B2B guests when they’re added via SharePoint or Microsoft Teams? Using conditional access and Terms of Use you can now enforce a policy directly towards B2B guest users. During the invitation redemption flow, the user is presented with the terms of use.

Updates to Azure AD Terms of Use 5.png

 

  • Terms of Use for Azure Information Protection—Now, you can configure a conditional access policy to the Azure Information Protection app and require a terms of use when a user accesses a protected document. This will trigger a terms of use prior to a user accessing a protected document for the first time.

Terms of Use for Azure Information Protection.Terms of Use for Azure Information Protection. 

Terms of Use for Intune enrollment.Terms of Use for Intune enrollment.

Check out the documentation on how to set up and configure Azure AD Terms of Use. Let us know what you think in the comments below. As always, we’d love to hear any feedback or suggestions you have.

 

 

Best regards,

Alex Simons (@Alex_A_Simons )

Corporate VP of Program Management

Microsoft Identity Division

7 Comments
Version history
Last update:
‎Jul 24 2020 01:47 AM
Updated by: