Azure Fundamentals (AZ-900)

Last Updated: 1/8/2023

Azure Conditional Access

  • Conditional Access is a tool that Azure Active Directory uses to allow or deny access to resources based on identity signals.
  • These signals include:
    • who the user is,
    • where the user is,
    • what device the user is requesting access from, and
    • what application the user is trying to access.
  • Conditional Access helps IT administrators:
    • Empower users to be productive wherever and whenever.
    • Protect the organization's assets.
  • Conditional Access also provides a more granular multifactor authentication experience for users.
    • For example, a user might not be challenged for a second authentication factor if they're at a known location.
    • They might be challenged for a second authentication factor if their sign-in signals are unusual or they're at an unexpected location.
  • During sign-in, Conditional Access
    • Collects signals from the user,
    • Makes decisions based on those signals, and then
    • Enforces that decision by allowing or denying the access request or challenging for a multifactor authentication response.
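
The collect, decide, enforce flow above can be sketched as a small policy evaluator. This is an added example, not Microsoft's code or the service's actual evaluation logic; the policy names, location names, roles and the `evaluate` function are assumptions made up for illustration.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed sample values: these location names are illustrative only.
TRUSTED_LOCATIONS = {"HQ-Office"}
BLOCKED_LOCATIONS = {"Unknown-Anonymizer"}

@dataclass
class SignIn:
    user_role: str         # who the user is
    location: str          # where the user is
    device_managed: bool   # what device the request comes from
    app: str               # what application is being accessed
    mfa_done: bool = False # whether a second factor was already presented

@dataclass
class Policy:
    name: str
    applies: Callable[[SignIn], bool]  # condition over the collected signals
    control: str                       # "block", "mfa" or "managed_device"

POLICIES = [
    Policy("Block untrusted sources", lambda s: s.location in BLOCKED_LOCATIONS, "block"),
    Policy("MFA for admins off known locations",
           lambda s: s.user_role == "admin" and s.location not in TRUSTED_LOCATIONS, "mfa"),
    Policy("Managed device for finance app", lambda s: s.app == "finance", "managed_device"),
]

def evaluate(signin, policies=POLICIES):
    """Return (decision, policy names); decision is 'deny', 'challenge_mfa' or 'allow'."""
    matched = [p for p in policies if p.applies(signin)]
    # In this model a matching block policy wins over every other control.
    blocks = [p.name for p in matched if p.control == "block"]
    if blocks:
        return "deny", blocks
    # A device requirement cannot be satisfied by a prompt, so an unmet one denies.
    unmet_device = [p.name for p in matched
                    if p.control == "managed_device" and not signin.device_managed]
    if unmet_device:
        return "deny", unmet_device
    # An unmet MFA requirement becomes a challenge rather than a denial.
    unmet_mfa = [p.name for p in matched if p.control == "mfa" and not signin.mfa_done]
    if unmet_mfa:
        return "challenge_mfa", unmet_mfa
    return "allow", [p.name for p in matched]
```

Every matching policy is considered, so a sign-in that satisfies one requirement can still be denied or challenged by another.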

When to use?

  • Require multifactor authentication (MFA) to access an application depending on the requester’s role, location, or network.
  • Require access to services only through approved client applications.
  • Require users to access your application only from managed devices.
  • Block access from untrusted sources,