Conditional access is a set of policies and configurations that control which devices, registered and compliant with the management solution, have access to various services and data sources. In the Microsoft environment, conditional access works with the Office 365 product suite, as well as with SaaS applications configured in Azure Active Directory.
Why do we need conditional access?
As IT has moved to a more cloud-centric model, it has become difficult to control access to the documents and data that an organisation depends on to run its business. Previously, all IT teams had to do was keep the content behind the corporate firewall. Thus, access was controlled by the network owner. Also, the computers on the network were still owned and controlled by the company. In today's model, devices can be owned by the company, the user or a third party (e.g. suppliers and partners).
How conditional access works
Azure AD Conditional Access relies on signals from the enterprise AD domain or Microsoft Intune to inform the system of the status and reliability of the device before it can access data. Mobile devices (iOS, Android, Windows) must be enrolled in Intune, which provides the security policy settings and verifies that the device is not rooted or jailbroken. Windows PCs must be joined to the company's AD domain, where policies and governance are applied.
If a user's device is not compliant with these policies, conditional access guides the user on how to make the device compliant so that access to the requested data can be enabled. This guidance is designed to let the user self-provision, so that no technical support calls or IT intervention are required.
Note that conditional access is possible only for Windows 10 devices. Thus, conditional access for iOS or Android devices is supported only with Microsoft Intune.
Have your computers not yet been migrated to Windows 10?
It is not too late to do things right. We suggest you use System Center Configuration Manager (SCCM) for a homogeneous and controlled migration of your Windows 7 and 8 workstations to Windows 10. Do not hesitate to contact us if you need help with this task.
Previously, conditional access was configured in the Microsoft Intune portal. With the move of the Intune service into the Azure portal, conditional access for SaaS applications (including Office 365) is managed directly by Azure Active Directory. However, conditional access to an on-premises Exchange infrastructure is still done via Microsoft Intune.
Note that conditional access for SaaS applications (O365) requires an Azure Active Directory Premium license.
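As an added example (not taken from this page or from Microsoft), the following Python sketch builds the request body for an Azure AD policy that applies the device requirement described under "How conditional access works" to Office 365, then checks it before enforcement. The field names and values follow the Microsoft Graph conditionalAccessPolicy schema. The display name and group ID are constructed placeholders, and the exclusion-group check is a common deployment practice assumed here, not something the page states.

```python
import json

# Grant controls from the Microsoft Graph conditionalAccessPolicy schema:
# "compliantDevice" = marked compliant by Intune, "domainJoinedDevice" = hybrid Azure AD joined PC.
DEVICE_CONTROLS = {"compliantDevice", "domainJoinedDevice"}


def build_device_policy(display_name, excluded_group_ids, report_only=True):
    """Body for POST https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies."""
    return {
        "displayName": display_name,
        # Report-only logs what the policy would do without blocking anyone.
        "state": "enabledForReportingButNotEnforced" if report_only else "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeGroups": list(excluded_group_ids)},
            "applications": {"includeApplications": ["Office365"]},
            "clientAppTypes": ["all"],
        },
        # OR: an Intune-compliant phone or a domain-joined PC each satisfy the policy.
        "grantControls": {"operator": "OR", "builtInControls": sorted(DEVICE_CONTROLS)},
    }


def review_policy(policy):
    """Return a list of findings to resolve before the policy is enforced."""
    findings = []
    grant = policy.get("grantControls") or {}
    controls = set(grant.get("builtInControls", []))
    users = policy.get("conditions", {}).get("users", {})
    if not controls & DEVICE_CONTROLS:
        findings.append("no device requirement: unmanaged devices are allowed")
    if grant.get("operator") == "AND" and DEVICE_CONTROLS <= controls:
        findings.append("AND of both device controls: iOS/Android cannot be domain joined and are blocked")
    if "All" in users.get("includeUsers", []) and not (users.get("excludeGroups") or users.get("excludeUsers")):
        findings.append("all users targeted with no exclusion: no emergency account if device signals fail")
    return findings


if __name__ == "__main__":
    # Constructed placeholder group ID for an emergency-access group.
    policy = build_device_policy("Require managed device for Office 365",
                                 ["00000000-0000-0000-0000-000000000000"])
    print(json.dumps(policy, indent=2))
    print(review_policy(policy))
```

Creating the policy in report-only state first lets you read the sign-in logs to see which devices would be blocked before switching `state` to `enabled`.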