Thursday, 30 April 2020

AAD Conditional Access

What is Conditional Access on AAD: Microsoft AAD with Conditional Access allows users or groups to be verified more securely: after the login attempt, an additional check determines whether the account may be compromised/at risk or is good. Microsoft uses algorithms and a large amount of collated information to determine the risk of the attempted login. A simple example would be a user's location being unusual, or the user logging in from different places in the world in too short a period.

  • First-factor authentication happens before Conditional Access.
  • Setting up conditional AAD access 
  • Conditional Access is part of Azure MFA
  • Configure conditions for access
  • MFA is easy to bypass if a user is an ADFS federated user or is coming from a specific IP range (head office location) or region. A one-time bypass can also be allowed if a user loses their phone.
  • Requires Azure AD Premium licences
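
An added example (not from the original post): a short Python audit that lists every way an MFA-requiring Conditional Access policy is exempted or not enforced, such as the trusted IP range exclusion mentioned in the list above. The policy data is constructed sample input using field names from the Microsoft Graph conditionalAccessPolicy resource; the function name `mfa_exemptions` is hypothetical.

```python
import json

# Constructed sample input, shaped like Microsoft Graph conditionalAccessPolicy
# objects. Names and the user GUID are placeholders, not real tenant data.
SAMPLE_EXPORT = json.loads("""
[
 {"displayName": "Require MFA - all users", "state": "enabled",
  "conditions": {
    "users": {"includeUsers": ["All"],
              "excludeUsers": ["00000000-0000-0000-0000-000000000001"]},
    "locations": {"includeLocations": ["All"],
                  "excludeLocations": ["AllTrusted"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "Require MFA - admins",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeRoles": ["<role-template-id>"]},
                 "locations": null},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "Block legacy authentication", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["block"]}}
]
""")


def mfa_exemptions(policies):
    """Return (policy, kind, value) for each way an MFA policy is not applied."""
    findings = []
    for policy in policies:
        grant = policy.get("grantControls") or {}
        if "mfa" not in (grant.get("builtInControls") or []):
            continue  # policy does not require MFA, nothing to audit here
        name = policy.get("displayName", "<unnamed>")
        state = policy.get("state")
        if state != "enabled":
            findings.append((name, "state", state))  # report-only or disabled
        cond = policy.get("conditions") or {}
        users = cond.get("users") or {}
        locations = cond.get("locations") or {}
        checks = (("location", locations.get("excludeLocations")),
                  ("user", users.get("excludeUsers")),
                  ("group", users.get("excludeGroups")))
        for kind, values in checks:
            findings.extend((name, kind, v) for v in values or [])
    return findings


if __name__ == "__main__":
    for finding in mfa_exemptions(SAMPLE_EXPORT):
        print(*finding, sep=" | ")
```

Each finding is a place where the first factor alone is enough to sign in, so it should map to a documented reason such as a head office range or an emergency account.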


