Add extra protection by allowing access to Office 365 applications only when users can meet certain conditions.
AZURE AD CONDITIONAL ACCESS
With Azure AD Conditional Access, administrators can prevent access to data and services unless a user or device meets certain conditions. The conditions can include but are not limited to the following:
Sign-in risk level - When combined with Azure AD Identity Protection, access to cloud services can be granted or prevented depending on the risk level assigned to users.
Selected device platforms - Conditional Access policies can be created for groups of device platforms or can be configured separately for Android, iOS, MacOS & Windows operating systems. By using device platforms as a condition, companies can insist on the same user providing different methods of authentication depending on which device is being used to access cloud-based applications and services.
Locations - By creating “Trusted Locations”, companies can allow access to services such as Exchange Online from safe locations and deny access from suspicious or unusual locations including territory’s that the company would not normal provide services.
Client applications - Policies can be created depending on whether the user is accessing services using a browser or a client application such as mobile or Office Professional applications.
Device state - There are currently two type of device states that can be used with Conditional Access policies, Hybrid Azure AD Joined for devices that are registered with Azure Active Directory and device that are marked as compliant when used in conjunction with Microsoft Intune.
Creating policies with Azure AD Conditional Access can be daunting but once up and running provides an additional level of security ensuring your company’s data is as secure as possible.
For guidance on Conditional Access, speak to us.