
Microsoft Intune | Conditional Access

  • Writer: Better Mobile Security Inc.
  • Dec 4, 2020

Updated: Dec 8, 2020

Balancing remote access to company data with accessibility for employees anywhere, anytime is one of the major challenges faced by companies that use the cloud for their workload management. Conditional access is a policy-based tool used by Microsoft's Active Directory for managing permissions and access to network resources.


Conditional access in its simplest form is an IF-THEN statement: if users want to access the company's resources, then they have to complete an action, for example Multi-Factor Authentication (MFA), before access is granted. Using conditional access, you can keep data accessible whenever it is needed while still protecting company assets.

When conditions or signals such as user or group membership, network (IP) location, devices, etcetera occur, decisions such as block access, grant access, force password change, require Terms of Use, etcetera, are enforced. Policies can be applied based on:

  • User or group member - can be applied explicitly to single users or groups

  • Network locations - you can create a trusted IP address range or specific areas for users to access remotely

  • Applications - you can specify which application the conditional access will apply to

  • Real-time and calculated risk detection - helps to identify risky sign-ins using real-time data

  • Devices - devices with a specific platform and state or conditions can be granted or denied access. These conditions can be collected from different Mobile Threat Defense solutions


For more information on how to build your own conditional access policy, click here.

Conditional access applies to desktop, mobile, and browser applications that support modern authentication, and it can also target specific client apps, such as email, that only support legacy (basic) authentication. Modern authentication is web-based, with a single sign-on feature that supports multi-factor authentication. Legacy authentication is the one that doesn't require a second layer of verification.

The standard policies that are applied include:

  • Multi-factor authentication requirement for administrators and users before accessing any sensitive resources of the company

  • Requiring users to be in a secure location to sign in and access data

  • Granting or blocking access when devices meet the compliance conditions

  • Requiring company-issued devices to install specific applications, etc.
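
A simplified model of the IF-THEN evaluation described above, as an added example (not code from Microsoft or Better Mobile Security). The class names, policy names, group names, IP ranges and the "challenge" decision label are constructed for illustration, and the model assumes that every applicable policy must be satisfied and that a block overrides any grant.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class SignIn:  # constructed signal set, not a real Azure AD sign-in record
    user: str
    groups: set
    ip: str
    app: str
    client: str = "modern"          # "modern" or "legacy" (basic auth)
    device_compliant: bool = False  # e.g. verdict reported by an MTD/MDM
    mfa_done: bool = False

@dataclass
class Policy:
    name: str
    groups: set                   # IF: user is in any of these groups
    apps: set                     # IF: target app ("*" = all apps)
    controls: set                 # THEN: "block", "mfa", "compliant_device"
    clients: set = field(default_factory=lambda: {"modern", "legacy"})
    exclude_networks: tuple = ()  # trusted ranges where the policy is skipped

    def applies(self, s: SignIn) -> bool:
        ip = ipaddress.ip_address(s.ip)
        trusted = any(ip in ipaddress.ip_network(n) for n in self.exclude_networks)
        return (bool(self.groups & s.groups) and s.client in self.clients
                and ("*" in self.apps or s.app in self.apps) and not trusted)

def evaluate(s: SignIn, policies: list) -> tuple:
    """Return (decision, detail). Every applicable policy must be satisfied."""
    hits = [p for p in policies if p.applies(s)]
    blocking = [p.name for p in hits if "block" in p.controls]
    if blocking:                              # a block always wins
        return "block", blocking
    required = set().union(*(p.controls for p in hits))
    satisfied = {"mfa"} if s.mfa_done else set()
    if s.device_compliant:
        satisfied.add("compliant_device")
    missing = sorted(required - satisfied)    # controls still to be met
    return ("grant", []) if not missing else ("challenge", missing)

POLICIES = [  # constructed policies mirroring the standard ones listed above
    Policy("admins-mfa", {"admins"}, {"*"}, {"mfa"}),
    Policy("mail-compliant", {"staff", "admins"}, {"mail"}, {"compliant_device"},
           exclude_networks=("203.0.113.0/24",)),
    Policy("no-legacy", {"staff", "admins"}, {"*"}, {"block"}, clients={"legacy"}),
]
```

Because controls from all matching policies are combined, an administrator who has completed MFA is still challenged on a non-compliant device, and a legacy client is blocked outright since it cannot present a second factor.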

How can we help you better utilize conditional access?


Better MTD is a Mobile Threat Defense Solution that supports integration with Microsoft Intune. With Microsoft's Azure AD (Active Directory) conditional access feature, it is easier to manage company data without bothering the end-user as much.


By setting up and customizing your policies on Microsoft Intune, our MTD solution helps collect real-time data from mobile devices. Information about the device's health, application, and network status is monitored and sent regularly to the Better Console. The data acquired from Better MTD helps decide whether the devices under those policies are compliant or not.

 
 
 
