As an administrator, you can control who is allowed to reach Office 365 and deny sign-ins from unwanted accounts. This capability lives in Azure AD Conditional Access, which evaluates each sign-in against your organizational policies.
Turning Conditional Access for Office 365 on or off is useful when you need to grant access to new computers and user accounts, or to cut an account off from Office 365 and any other application that authenticates through Microsoft Azure.
Wait no more; let’s find out how to manage conditional access to Office 365!
[Figure: Office 365 Conditional Access overview, https://dirteam.com/sander/wp-content/uploads/sites/2/2020/10/Office365ConditionalAccess.png]
Common Signals
Conditional Access uses the following signals when it makes a policy decision. Keep them in mind before you set up Conditional Access for Office 365, because every change you make is evaluated against them.
- User or group membership: policies are assigned to specific users and groups, so membership decides which users a policy applies to.
- IP location: named locations and trusted IP address ranges feed the policy decision. They can also be used to block traffic from specific countries or regions.
- Device: policies can be scoped to specific device platforms, and those platforms are then held to the policy. Targeted policies also affect privileged access workstations.
- Application: different applications can trigger different Conditional Access policies.
- Real-time and risk detection: using Azure AD Identity Protection, Conditional Access can identify risky sign-in attempts and block them, force a password change, require multi-factor authentication, or alert administrators to take manual action.
- Microsoft Defender for Cloud Apps: monitors access and sessions in real time, giving administrators visibility and control within the cloud environment.
Decisions
- Block access: when a sign-in violates the policy conditions, access is denied to the suspected user or account.
- Grant access: access is granted once the user satisfies the configured controls, such as multi-factor authentication, an approved or compliant device, a Hybrid Azure AD joined device, an approved client app, or an app protection policy.
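The signals and decisions above combine as follows: every assignment condition of a policy (user or group, app, platform, location, risk) must match before the policy is in scope, any in-scope block decision wins, and otherwise the grant controls must all be satisfied. The model below, added here as an illustration and not Microsoft's code, encodes that flow for a handful of constructed sign-ins; the policy and signal field names are a simplification of the real policy schema, and the "all controls must be satisfied" rule stands in for the service's configurable OR/AND operator.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SignIn:
    """The signals Conditional Access sees for one sign-in attempt (constructed)."""
    user: str
    groups: frozenset          # group memberships
    app: str                   # "Office365", or an app id
    platform: str              # "windows", "iOS", "android", ...
    location: str              # named location matched, or "unknown"
    risk: str                  # "none" | "low" | "medium" | "high"
    device_compliant: bool     # MDM reports the device as compliant
    mfa_satisfied: bool        # user already completed MFA in this session


@dataclass(frozen=True)
class Policy:
    """Assignments (who, what, under which conditions) plus the controls to apply."""
    name: str
    include_users: frozenset = frozenset()      # "All" covers every user
    include_groups: frozenset = frozenset()
    exclude_groups: frozenset = frozenset()     # e.g. break-glass accounts
    include_apps: frozenset = frozenset()       # "All" covers every app
    include_platforms: frozenset = frozenset()  # empty = any platform
    exclude_locations: frozenset = frozenset()  # e.g. trusted IP ranges
    risk_levels: frozenset = frozenset()        # empty = regardless of risk
    controls: frozenset = frozenset()           # {"block"} or grant controls


def applies(p: Policy, s: SignIn) -> bool:
    """Every assignment condition must match for the policy to be in scope."""
    if s.groups & p.exclude_groups:
        return False
    user_in = ("All" in p.include_users or s.user in p.include_users
               or bool(s.groups & p.include_groups))
    app_in = "All" in p.include_apps or s.app in p.include_apps
    platform_in = not p.include_platforms or s.platform in p.include_platforms
    location_ok = s.location not in p.exclude_locations
    risk_in = not p.risk_levels or s.risk in p.risk_levels
    return user_in and app_in and platform_in and location_ok and risk_in


def evaluate(policies, s: SignIn):
    """Combine all in-scope policies into one decision.

    Returns ("block", [policy names]) when any in-scope policy blocks,
    ("require", [controls]) when grant controls are still unsatisfied,
    or ("grant", []) when access can be granted as-is.
    """
    in_scope = [p for p in policies if applies(p, s)]
    blockers = sorted(p.name for p in in_scope if "block" in p.controls)
    if blockers:
        return "block", blockers          # block always wins over grant
    satisfied = {"compliantDevice": s.device_compliant, "mfa": s.mfa_satisfied}
    missing = {c for p in in_scope for c in p.controls if not satisfied.get(c)}
    return ("require", sorted(missing)) if missing else ("grant", [])


# Constructed sample policies: Finance users must use a compliant Windows
# device for Office 365, and high-risk sign-ins are blocked for everyone.
SAMPLE_POLICIES = (
    Policy(name="O365 - require compliant Windows device",
           include_groups=frozenset({"Finance"}),
           exclude_groups=frozenset({"BreakGlass"}),
           include_apps=frozenset({"Office365"}),
           include_platforms=frozenset({"windows"}),
           controls=frozenset({"compliantDevice"})),
    Policy(name="Block high-risk sign-ins",
           include_users=frozenset({"All"}),
           include_apps=frozenset({"All"}),
           risk_levels=frozenset({"high"}),
           controls=frozenset({"block"})),
)


def demo():
    """Evaluate four constructed sign-ins against the sample policies."""
    base = dict(user="alice", groups=frozenset({"Finance"}), app="Office365",
                platform="windows", location="unknown", risk="none",
                device_compliant=True, mfa_satisfied=False)
    cases = {
        "compliant device":   SignIn(**base),
        "unenrolled device":  SignIn(**{**base, "device_compliant": False}),
        "high risk":          SignIn(**{**base, "risk": "high"}),
        "user outside scope": SignIn(**{**base, "user": "bob", "groups": frozenset()}),
    }
    return {label: evaluate(SAMPLE_POLICIES, s) for label, s in cases.items()}


if __name__ == "__main__":
    for label, (decision, detail) in demo().items():
        print(f"{label:20s} -> {decision} {detail}")
```

The exclude_groups field is the reason the first sample policy carries a "BreakGlass" group: an account in that group is never in scope, so a mis-scoped device-compliance policy cannot lock every administrator out.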
Configuration
By default, this configuration grants access to enrolled Windows 10 devices only. Azure Active Directory must be integrated with your MDM before you begin. First create the policy in the Azure Portal; then apply the policy from the MDM console.
Step 1: Creating a policy on the Azure Portal
- Log in to the Azure Portal with your account credentials.
- Go to Azure Active Directory -> Security -> Conditional Access.
- To establish the Conditional Access Policy, click +New policy.
- Once a policy name has been entered, choose Users and Groups under Assignments.
- Here, specify which users or groups this conditional access policy should apply to.
- Select Done.
Under Assignments:
- Choose Cloud apps or actions.
- Choose Office 365 (which contains the Office 365 apps) from the list, or select any additional apps or services you want this Conditional Access policy to protect.
- Select Done.
- Pick Conditions from the Assignments section.
- Click Device Platforms and select the platforms this Conditional Access policy should apply to.
- Select Done.
IMPORTANT: with a third-party MDM, Microsoft Azure only allows access from enrolled Windows 10 devices; all other device platforms are denied.
- Pick Grant under Access controls.
Set the conditions under which access is granted: make sure Require device to be marked as compliant is selected, then click Grant access.
- Select On under Enable policy, then click Create.
Step 2: Approving the policy
- Navigate to Device Management -> Office 365 on the MDM console (under Conditional Access).
- Click Integrate to integrate your Azure Active Directory if you haven’t already.
- Click the Apply Policy button found in the Access Policy view to continue.
The system marks all enrolled Windows 10 devices in the Device Details view; users can log in to Azure and access Office 365 from these devices. Unenrolled devices are marked Non-compliant and are blocked from accessing Azure.
In a managed environment, it is recommended to enroll Windows 10 devices in bulk through Windows Autopilot enrollment.
To remove conditional access, follow these steps:
- Navigate to Device Management -> Office 365 on the MDM console (under Conditional Access).
- Click Stop Policy in the Office 365 Conditional Access policy’s Access Policy window.
Once the policy is stopped, the selected devices no longer have access to Office 365, but the policy itself remains and can be applied again. To disable the policy completely, follow these steps:
- Go to Azure Active Directory -> Security -> Conditional Access after logging in to Azure Portal with your account credentials.
- Find and select the policy you wish to disable.
- Select Off under Enable policy, then click Save.
This withdraws the policy completely: all previously selected users and groups regain access to Office 365 and to any other apps that were added when the Conditional Access policy was created.
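The portal clicks in Step 1 and in the disable procedure above correspond to two Microsoft Graph requests against the conditionalAccessPolicy resource. The helpers below, added here as an example and not Microsoft's or any MDM vendor's code, build those request bodies so they can be reviewed before anything is changed, and run the pre-flight checks a practitioner would want before switching a policy from Off to On. The endpoint URL and the field names (includeGroups, excludeGroups, the "Office365" app suite value, the "windows" platform, the "compliantDevice" control, and the three state values) are the documented Graph schema; the policy name and the group ids are constructed placeholders, and no request is actually sent.

```python
import json

# Documented Graph endpoint for Conditional Access policies (no call is made here).
GRAPH_POLICIES_URL = "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies"


def build_office365_policy(name, include_group_ids, exclude_group_ids=(), state="enabled"):
    """Body for POST GRAPH_POLICIES_URL, equivalent to Step 1 in the portal:
    assigned groups, the Office 365 app suite, the Windows platform, and
    'Require device to be marked as compliant' as the grant control.
    state may be "enabled" (the article's 'On'), "disabled" ('Off') or
    "enabledForReportingButNotEnforced" (report-only preview).
    """
    return {
        "displayName": name,
        "state": state,
        "conditions": {
            "users": {
                "includeGroups": list(include_group_ids),
                "excludeGroups": list(exclude_group_ids),   # break-glass accounts
            },
            "applications": {"includeApplications": ["Office365"]},
            "platforms": {"includePlatforms": ["windows"]},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]},
    }


def disable_policy_patch():
    """Body for PATCH GRAPH_POLICIES_URL/{policy-id}: the 'Enable policy: Off' step."""
    return {"state": "disabled"}


def lint_policy(policy):
    """Pre-flight checks before a policy is enabled; returns a list of problems."""
    problems = []
    users = policy["conditions"]["users"]
    apps = policy["conditions"].get("applications", {})
    if not (users.get("includeUsers") or users.get("includeGroups")):
        problems.append("no users or groups assigned; the policy would never apply")
    if "All" in users.get("includeUsers", []) and not users.get("excludeGroups"):
        problems.append("applies to all users with no excluded break-glass group")
    if not apps.get("includeApplications"):
        problems.append("no cloud apps selected")
    if not policy.get("grantControls"):
        problems.append("no access control selected under Grant")
    return problems


if __name__ == "__main__":
    # Placeholder ids: replace with the object ids of your own groups.
    body = build_office365_policy("O365 - compliant Windows devices only",
                                  ["<finance-group-object-id>"],
                                  ["<break-glass-group-object-id>"])
    print("POST", GRAPH_POLICIES_URL)
    print(json.dumps(body, indent=2))
    print("lint:", lint_policy(body) or "ok")
    print("PATCH body to disable:", json.dumps(disable_policy_patch()))
```

Creating the policy with state set to "enabledForReportingButNotEnforced" first, and only then patching it to "enabled", shows in the sign-in logs which users and devices would be affected before any Windows 10 device is actually blocked.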
Conclusion
With this article, we hope you have learned how to work with Conditional Access for Office 365. Feel free to share it with your friends, and if you found it useful, check out our site for more helpful tips!
Thank you for reading!