Conditional Access

Azure AD Conditional Access is a powerful feature that helps organizations manage and secure access to their resources based on specific conditions. It enables granular control over access decisions, ensuring that only authorized users can access certain resources under specific circumstances.

Here are key features:

1. Verify Every Access Attempt

Every user access is assessed in real-time based on context like location, device compliance, and user risk, before granting or denying access.

2. Decision-Based Allow, Block, or Require MFA

Access decisions can be made based on conditions:
- Allow: Grant access if conditions are met.
- Block: Deny access if conditions aren't met.
- Require MFA: Enforce multi-factor authentication in high-risk scenarios.

3. Granular Control: Block IPs, Services, Networks, VPN Connections, or Tor Circuits

IP Restrictions: Block or allow access based on specific IP addresses.
Service Restrictions: Apply rules to specific services (e.g., requiring MFA for SharePoint access).
Network-Based Restrictions: Limit access to trusted networks.
VPN/Tor Restrictions: Block access from VPNs or Tor circuits to prevent masked or untrusted logins.

This ensures only authorized users can access resources under secure and appropriate conditions.

PreviousAuthentication Methods & Password Protection NextAzure AD Roles & RBAC

Last updated 10 months ago

hashtag2. Decision-Based Allow, Block, or Require MFA

hashtag3. Granular Control: Block IPs, Services, Networks, VPN Connections, or Tor Circuits

2. Decision-Based Allow, Block, or Require MFA

3. Granular Control: Block IPs, Services, Networks, VPN Connections, or Tor Circuits