Conditional Access – Planning and Implementing Authentication


Conditional access provides the most fine-grained control when managing the MFA requirements for your organization. Conditional access policies can be configured from the Azure portal.

To access the Conditional access configuration page, follow these steps:

  1. Navigate to the Azure portal (https://portal.azure.com).
  2. Select Azure Active Directory | Security | Conditional Access, and then choose Policies.

You can create new policies or use one of the 14 Microsoft-provided sample Conditional Access policy templates. Policies created by the template can be modified once they have been deployed to your tenant.

To configure a template-based policy, follow these steps:

  1. From the Conditional Access | Policies page, select New policy from template (Preview).

Figure 7.9 – Creating a new Conditional Access policy from a template

  2. Select one of the templates, such as Require multifactor authentication for all users, and click Review + create.

Figure 7.10 – Selecting a template

  3. Review the settings and click Create.

Policies created through the templates cannot be modified during creation, with the exception of the enforcement mode. All template-based policies are configured in Report only mode, which can be toggled during creation. The user creating the policy is excluded from the policy to prevent accidental lock-out.

After the template policies have been configured, you can edit the scope and conditions for the policy like you would with manually created policies.
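The two template defaults described above (Report only mode and the excluded creator) are worth checking across the policies already in a tenant. The following is an added example, not part of the original text: it assumes the policies have been exported as JSON in the shape Microsoft Graph returns for Conditional Access policies, and the sample data, display names and object IDs are constructed. Only the built-in `mfa` grant control is checked.

```python
# Constructed sample in the shape of Microsoft Graph's
# GET /identity/conditionalAccess/policies; names and object IDs are made up.
SAMPLE_POLICIES = [
    {   # as a template leaves it: report-only, creating admin excluded
        "displayName": "Require multifactor authentication for all users",
        "state": "enabledForReportingButNotEnforced",
        "conditions": {"users": {"includeUsers": ["All"],
                                 "excludeUsers": ["00000000-0000-0000-0000-000000000001"]}},
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    },
    {   # hand-built and enforced, but nobody is excluded
        "displayName": "MFA everyone (manual)",
        "state": "enabled",
        "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": []}},
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    },
    {   # not an MFA policy; the audit skips it
        "displayName": "Block legacy authentication",
        "state": "enabled",
        "conditions": {"users": {"includeUsers": ["All"]}},
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    },
]

def requires_mfa(policy):
    grant = policy.get("grantControls") or {}
    return "mfa" in (grant.get("builtInControls") or [])

def audit_policy(policy):
    """Return findings for one MFA policy (empty list means nothing to flag)."""
    findings = []
    users = (policy.get("conditions") or {}).get("users") or {}
    if policy.get("state") == "enabledForReportingButNotEnforced":  # Report only mode
        findings.append("report-only: sign-ins are evaluated and logged, MFA is not enforced")
    elif policy.get("state") == "disabled":
        findings.append("disabled: policy has no effect")
    everyone = "All" in (users.get("includeUsers") or [])
    excluded = any(users.get(k) for k in ("excludeUsers", "excludeGroups", "excludeRoles"))
    if everyone and not excluded:
        findings.append("no exclusion: no account is kept out of scope against lock-out")
    return findings

def audit(policies):
    """Map display name -> findings for every policy that grants access on MFA."""
    return {p["displayName"]: audit_policy(p) for p in policies if requires_mfa(p)}

if __name__ == "__main__":
    print(audit(SAMPLE_POLICIES))
```

A policy still flagged as report-only after its review period is the common gap: it looks deployed in the policy list but does not yet require MFA from anyone.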

Further reading

For more information on Conditional Access templates, see here: https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common.

With the exception of Windows Hello, password-less sign-in methods (such as the Microsoft Authenticator app or FIDO2 security keys) will require users to register for MFA.

Implementing and managing authentication methods

After selecting an appropriate authentication mechanism that meets your organization’s business requirements and configuring MFA requirements, you can begin deployment.

Exam note

Full deployment and configuration of these methods are outside the scope of the MS-100 exam, but it is worth spending some time with the product documentation for a deeper dive.

Let’s go through an overview of the configurations necessary to enable password-less authentication methods.
