Conditional access is a set of policies and configurations that control which devices, registered and compliant with the management solution, have access to various services and data sources. In the Microsoft environment, Conditional Access works with the Microsoft Office 365 product suite as well as SaaS applications configured in Azure Active Directory.
Why do we need conditional access?
As IT has moved to a more cloud-centric model, it has become difficult to control access to the documents and data that an organisation depends on to run its business. Previously, all IT teams had to do was keep the content behind the corporate firewall, so access was controlled by the network owner. The computers on the network were also still owned and controlled by the company. In today's model, devices can be owned by the company, the user or a third party (e.g. suppliers and partners).
How conditional access works
Conditional Access in Azure AD relies on signals from the enterprise AD domain or Microsoft Intune to inform the system of the status and reliability of the device before it can access data. Mobile devices (iOS, Android, Windows) must be registered in Intune, which provides the security policy settings and verifies that the device is not rooted or jailbroken. Windows PCs must be associated with the company's AD domain, where policies and governance are applied.
If a user's device is not compliant with these policies, conditional access guides the user on how to make the device compliant so that access to the requested data can be enabled. This guidance is designed to allow the user to self-provision, so that no technical support calls or IT intervention are required.
Note that conditional access is only possible for Windows 10 devices. Thus conditional access for iOS or Android devices is only supported with Microsoft Intune.
Have your computers not yet been migrated to Windows 10?
It is not too late to do things right: we suggest you use System Center Configuration Manager (SCCM) for a homogeneous and controlled deployment of your workstations from Windows 7 or 8 to Windows 10. Do not hesitate to contact us if you need help with this task.
Previously, conditional access was configured in the Microsoft Intune portal. With the transition of the Intune service to the Azure portal, conditional access for SaaS applications (including Office 365) is now managed directly by Azure Active Directory. However, conditional access for an on-premises Exchange infrastructure is still handled via Microsoft Intune.
Note that conditional access to SaaS applications (O365) requires an Azure Active Directory Premium license.
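As an added illustration (not taken from the original article), the device requirements described above can be written as an Azure AD Conditional Access policy in the Microsoft Graph `conditionalAccessPolicy` format: access to Office 365 is granted when the device is either marked compliant by Intune (`compliantDevice`) or is a domain-joined PC registered with Azure AD (`domainJoinedDevice`). The display name and the excluded emergency-access group ID are constructed placeholders, and the policy is set to report-only so its effect can be checked in the sign-in logs before enforcement.

```json
{
  "displayName": "EXAMPLE - Office 365 requires compliant or domain-joined device",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "users": {
      "includeUsers": ["All"],
      "excludeGroups": ["<emergency-access-group-object-id>"]
    },
    "applications": {
      "includeApplications": ["Office365"]
    },
    "clientAppTypes": ["all"]
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": ["compliantDevice", "domainJoinedDevice"]
  }
}
```

Changing `state` to `enabled` turns on enforcement; the `OR` operator means a device satisfying either control is allowed, which matches the split between Intune-managed mobile devices and domain-joined PCs.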
Let's go further together!
Need help setting up conditional access in your company? Our technical consultants are experts in this field. Call us today to find out how we can help you or write to us.