Back to Basics: Conditional Access in Azure Active Directory

Damage limitation is the bedrock of any successful cybersecurity strategy. For companies, that means controlling who can access sensitive data and corporate resources.

In this beginners-friendly edition of CQURE Hacks, Paula J takes a tour of secure access settings in Azure Active Directory and demonstrates how companies can go beyond basic privilege management to protect their digital assets using conditional access.

Regulating access to your company’s files, systems, and applications cuts the risk of your data falling into the hands of hackers, threat actors and thieves.

While standard privilege management stops at ID-based authentication, conditional access in Azure Active Directory gives greater flexibility and control by allowing remote connections only when certain conditions are met.

Using conditional access, an administrator can regulate access by user location, device type, the kind of application or file being used and more. To achieve this, the administrator creates an Azure Active Directory security policy that specifies which condition(s) must be met for access to be allowed.

In this back-to-basics CQURE Hacks episode, Paula J demonstrates how to create secure conditional access policies and monitor access in the Azure Active Directory.

>>> Controlling access by a user’s IP address

o   Add the IP range’s location

o   Define the range to be assigned to the policy

o   Name the policy e.g., ‘Corporate IP range’

o   Specify the trusted IP addresses related to the location

>>> Controlling access by the kind of user or group, e.g., corporate only

o   Create a new policy

o   In conditions, specify login from corporate IP addresses

o   Exclude sign-ins from other users and groups

>>> Controlling access by location

o   A demonstration using the United States and Poland as examples

>>> Creating emergency access accounts known as “break glass accounts” to prevent yourself being accidentally locked out of your Azure Active Directory

>>>   More ways to regulate access

o   Blocking access

o   Enforcing multifactor authentication

o   Session controls

>>> Final steps

o   Turning on policies

o   Testing polices

o   Monitoring user access via the dashboard

After you’ve set up conditional access in Azure Directory, browse our blog to discover more clever ways to secure your data.

Holiday time is approaching and we know that everyone loves to receive gifts! Especially at CQURE, the idea of sharing is close to us and we would like to invite you to our Great Racoon Giveaway Contest, where you will get a chance to win $3920-worth voucher for any of CQURE Academy Live Courses! 

Please click on the below banner to find out more about the contest:

Comments