I.e., We could only make the policy apply to the activities of the users we chose here. Also, we can control access only based on the users and directory role assignments. With the existing conditional access policies, we are only able to provide protection on an app or service level. As a result, the company must provide an enhanced layer of security for that specific SharePoint site. Let us try to understand this with an example scenario.Īssume that an organization has a specific SharePoint site where some confidential data is kept. The existing Conditional Access Policies are primarily app-level and do not provide the resource granularity that we need. What Lacks in the Existing Conditional Access Policy? So, if the signal matches a ‘ user with the Administrative Role‘ in an access request, the decision to ‘ grant access with requiring Multi-Factor Authentication‘ is made.įurther, admins can ensure MFA enforcement with the newly released MFA registration details report in Azure AD. In this policy, if a user with administrator privileges requests access to the resources, multi-factor authentication is required. Let us try to understand the whole thing with an example-a common Conditional Access policy: Requiring multi-factor authentication for users with administrative roles Real-time and calculated risk detection.Grant access- least restrictive decisionĬommon signals used in conditional access policies to make decisions are:.Block access- most restrictive decision.CA policies are implemented only after the first factor of authentication is fulfilled in a Multi-Factor Authentication scenario.Ī conditional access policy is intended to make decisions based on the signals of access requests. Let’s look through Conditional Access Policy briefly before moving on to the Conditional Access Authentication Context.Ĭonditional Access policies are used to provide an extra layer of protection for an organization’s resources. It can be complemented with the existing Conditional Access policy. To address this limitation, the new Conditional Access Authentication Context is introduced.Ĭonditional Access Authentication Context is a recent feature that is currently in public preview. Defining more granular control over our organization’s sensitive information has always been difficult under the current Conditional Access policy.
0 kommentar(er)
