Azure Ad Conditional aCCESS

  Add extra protection by allowing access to Office 365 applications only when users can meet certain conditions.

Business challenge concept with businessman walking towards gap



Protect access to your company’s data in Office 365 by enforcing additional protection when it's most needed. For example, users can be forced to provide One-time Passcodes (OTP) when combined with the Azure Multi-factor Authentication service to access SharePoint Online from unknown locations or devices and guest users can be required to agree to terms of use before allowing access to Microsoft Teams. Azure AD Conditional Access can be used to protect some or all your cloud apps.


With Azure AD Conditional Access, administrators can prevent access to data and services unless a user or device meets certain conditions. The conditions can include but are not limited to the following:

Sign-in risk level - When combined with Azure AD Identity Protection, access to cloud services can be granted or prevented depending on the risk level assigned to users.

Selected device platforms - Conditional Access policies can be created for groups of device platforms or can be configured separately for Android, iOS, MacOS & Windows operating systems. By using device platforms as a condition, companies can insist on the same user providing different methods of authentication depending on which device is being used to access cloud-based applications and services.

Locations - By creating “Trusted Locations”, companies can allow access to services such as Exchange Online from safe locations and deny access from suspicious or unusual locations including territory’s that the company would not normal provide services.

Client applications - Policies can be created depending on whether the user is accessing services using a browser or a client application such as mobile or Office Professional applications.

Device state - There are currently two type of device states that can be used with Conditional Access policies, Hybrid Azure AD Joined for devices that are registered with Azure Active Directory and device that are marked as compliant when used in conjunction with Microsoft Intune.

Azure AD CA Policies

Creating policies with Azure AD Conditional Access can be daunting but once up and running provides an additional level of security ensuring your company’s data is as secure as possible. 

For guidance on Conditional Access, speak to us.

Contact Us