More news today from the Azure AD product group: Conditional Access is extended to be used in the Azure Portal. But wait: have you ever used Conditional Access? If not, try to perform a search in my blog for “Conditional Access”, or simply click this link, https://systemplus.gr/?s=conditional+access and you’ll get a lot of information about this feature.
So to stick back to the news, it’s now possible to create Conditional Access policies in order to better secure access to the Azure Portal. Previously, the only way to do this, was by enforcing Multi-factor Authentication. Although it works, MFA is sometimes related to frustration by the user, so there must be another way to secure access. Now it’s possible to allow access to Azure portal only under certain conditions (sign-in risk, location, device) and from trusted devices.
Here is how it works: you should create a new Conditional Access policy for a new cloud app named “Microsoft Azure Management”. This policy will apply to all Azure management options we have: portals, ARM provider, even PowerShell will be affected.
And then you can specify the components of this new policy, like devices, users, sign-in risk, trusted IPs, etc.
But please be careful, it’s easy to lock yourself out if you specify the wrong conditions in the policy!
The exact same concept applies to another cloud app called “Microsoft Teams”, part of the Office 365 family. Practically, by configuring a new conditional access policy here, you can secure the data in Teams and prevent leakage on untrusted devices. It’s important to note that Conditional Access policies created for Exchange Online and SharePoint Online cloud apps also affect Microsoft Teams as the Teams clients rely heavily on these services for core productivity scenarios such as meetings, calendars and files.
Thanks for your time!