Regulating access to your company’s files, systems, and applications cuts the risk of your data falling into the hands of hackers, threat actors and thieves.
While standard privilege management stops at ID-based authentication, conditional access in Azure Active Directory gives greater flexibility and control by allowing remote connections only when certain conditions are met.
Using conditional access, an administrator can regulate access by user location, device type, the kind of application or file being used and more. To achieve this, the administrator creates an Azure Active Directory security policy that specifies which condition(s) must be met for access to be allowed.
In this back-to-basics CQURE Hacks episode, Paula J demonstrates how to create secure conditional access policies and monitor access in Azure Active Directory.
>>> Controlling access by a user’s IP address
o Add the IP range’s location
o Define the range to be assigned to the policy
o Name the policy e.g., ‘Corporate IP range’
o Specify the trusted IP addresses related to the location
>>> Controlling access by the kind of user or group, e.g., corporate only
o Create a new policy
o In conditions, specify login from corporate IP addresses
o Exclude sign-ins from other users and groups
>>> Controlling access by location
o A demonstration using the United States and Poland as examples
>>> Creating emergency access accounts known as “break glass accounts” to prevent yourself from being accidentally locked out of your Azure Active Directory
>>> More ways to regulate access
o Blocking access
o Enforcing multifactor authentication
o Session controls
>>> Final steps
o Turning on policies
o Testing policies
o Monitoring user access via the dashboard
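An added example, not taken from the episode or from Microsoft's code: a simplified Python model of how a policy that blocks sign-ins from outside the corporate IP range, with a break glass exclusion, decides a sign-in, plus a check for emergency-account lockout. The field names follow the Microsoft Graph conditionalAccessPolicy resource; the IP ranges, the location ID `corporate-ip-range`, the account IDs and the evaluation logic itself are constructed assumptions.

```python
import ipaddress

# Constructed sample data: documentation IP ranges and placeholder IDs.
LOCATIONS = {"corporate-ip-range": ["203.0.113.0/24", "198.51.100.0/25"]}
BREAK_GLASS_ID = "break-glass-object-id"  # placeholder, not a real object ID

# Policy shaped like a Graph conditionalAccessPolicy: block everyone, from
# everywhere, except the corporate range and the emergency account.
POLICY = {
    "displayName": "Block sign-ins outside Corporate IP range",
    "conditions": {
        "users": {"includeUsers": ["All"], "excludeUsers": [BREAK_GLASS_ID]},
        "locations": {"includeLocations": ["All"],
                      "excludeLocations": ["corporate-ip-range"]},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["block"]},
}

def in_ranges(ip, cidrs):
    """True if ip falls inside any of the CIDR ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def evaluate(policy, user_id, ip, locations):
    """Return 'block' or 'mfa' if the policy applies to the sign-in, else None."""
    users = policy["conditions"]["users"]
    if user_id in users.get("excludeUsers", []):
        return None  # exclusions win over inclusions
    included_users = users.get("includeUsers", [])
    if "All" not in included_users and user_id not in included_users:
        return None
    loc = policy["conditions"].get("locations")
    if loc:
        matched = {n for n, cidrs in locations.items() if in_ranges(ip, cidrs)}
        included = "All" in loc.get("includeLocations", []) or \
            matched & set(loc.get("includeLocations", []))
        if not included or matched & set(loc.get("excludeLocations", [])):
            return None
    controls = policy["grantControls"]["builtInControls"]
    return "block" if "block" in controls else controls[0]

def break_glass_lockouts(policy, break_glass_ids, locations, probe_ips):
    """List (account, ip) pairs where an emergency account would be blocked."""
    return [(acct, ip) for acct in break_glass_ids for ip in probe_ips
            if evaluate(policy, acct, ip, locations) == "block"]

if __name__ == "__main__":
    for user, ip in [("alice", "203.0.113.10"), ("alice", "192.0.2.50")]:
        print(user, ip, evaluate(POLICY, user, ip, LOCATIONS))
```

An empty list from `break_glass_lockouts` means no probed address would block the emergency account; any entry is a lockout risk to fix in the policy's exclusions.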
After you’ve set up conditional access in Azure Active Directory, browse our blog to discover more clever ways to secure your data.