{"id":16397,"date":"2020-08-12T06:38:31","date_gmt":"2020-08-12T06:38:31","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=16397"},"modified":"2020-08-26T10:35:24","modified_gmt":"2020-08-26T10:35:24","slug":"building-a-conditional-access-policy","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/building-a-conditional-access-policy\/","title":{"rendered":"Building a Conditional Access policy"},"content":{"rendered":"\n<p><a href=\"https:\/\/www.testpreptraining.ai\/tutorial\/exam-az-500-microsoft-azure-security-technologies\/\" target=\"_blank\" rel=\"noreferrer noopener\">Go back to AZ-500 Tutorials<\/a><\/p>\n\n\n\n<p>In this tutorial, we will learn and understand the Conditional Access policy, Assignments, and Access controls. However, a Conditional Access policy brings signals together for making decisions and enforcing organizational policies.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Requirement for Conditional Access Policy<\/strong><\/h4>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"982\" height=\"258\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/az500-docs-9.png\" alt=\"conditional access policy requirement\" class=\"wp-image-16420\" srcset=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/az500-docs-9.png 982w, https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/az500-docs-9-750x197.png 750w\" sizes=\"auto, (max-width: 982px) 100vw, 982px\" \/><figcaption>Image Source: Microsoft<\/figcaption><\/figure><\/div>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Assignments<\/strong><\/h5>\n\n\n\n<p>The assignments portion is responsible for controlling the who, what, and where of the Conditional Access policy.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Users and groups<\/strong><\/h5>\n\n\n\n<p>Users and groups have access for assigning who the policy will include or exclude. Moreover, this assignment can include all users, specific groups of users, directory roles, or external guest users.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Cloud apps or actions<\/strong><\/h5>\n\n\n\n<p>Cloud apps or actions have access to include or exclude cloud applications or even user actions that will be subject to the policy.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Conditions<\/strong><\/h5>\n\n\n\n<p>A policy can have multiple conditions.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Sign-in risk<\/strong><\/h5>\n\n\n\n<p>For organizations with Azure AD Identity Protection, for the risk detections generated there can influence your Conditional Access policies.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Device platforms<\/strong><\/h5>\n\n\n\n<p>Organizations with multiple device operating system platforms can enforce specific policies on different platforms. However, the information calculating the device platform comes from unverified sources like user agent strings that can be changed.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><a href=\"https:\/\/www.testpreptraining.ai\/microsoft-azure-security-technologies-az-500-free-practice-test\" target=\"_blank\" rel=\"noopener noreferrer\"><img decoding=\"async\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/AZ_500-practice-tests-7.png\" alt=\"AZ_500 online course\"\/><\/a><\/figure><\/div>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Locations<\/strong><\/h5>\n\n\n\n<p>Location data is given by IP geolocation data. Moreover, the administrators can choose to define locations. Further, they can choose to mark some as trusted like those for their organization&#8217;s network locations.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Client apps<\/strong><\/h5>\n\n\n\n<p>Conditional Access policies by default&nbsp; apply to browser apps, mobile apps, and desktop clients that support modern authentication.<\/p>\n\n\n\n<p>However, this assignment condition gives access to Conditional Access policies for targeting specific client applications that are not using modern authentication. The applications include Exchange ActiveSync clients, older Office applications that do not use modern authentication, and mail protocols like IMAP, MAPI, POP, and SMTP.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Device state<\/strong><\/h5>\n\n\n\n<p>This control is for excluding the devices that are hybrid Azure AD joined, or marked a complaint in Intune.&nbsp;<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Access controls<\/strong><\/h5>\n\n\n\n<p>The access controls portion of the Conditional Access policy is for controlling how a policy is enforced.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Grant<\/strong><\/h5>\n\n\n\n<p>Grant provides administrators meaning for the&nbsp; policy enforcement where they can block or grant access.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Block access<\/strong><\/h5>\n\n\n\n<p>Block access can block access under the specified assignments. The block control is powerful and should be wielded with the appropriate knowledge.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Grant access<\/strong><\/h5>\n\n\n\n<p>The grant control triggers enforcement of one or more controls.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Firstly, it requires multi-factor authentication (Azure Multi-Factor Authentication)<\/li><li>Secondly, it require device to be marked as compliant&nbsp;<\/li><li>Thirdly, it require Hybrid Azure AD joined device<\/li><li>Then, it require approved client app<\/li><li>Lastly, it require app protection policy<\/li><\/ul>\n\n\n\n<p>Administrators can choose to need one of the previous controls or all selected controls using the following options. However, the default for multiple controls is to require all.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Firstly, it require all the selected controls<\/li><li>Secondly, it require one of the selected controls&nbsp;<\/li><\/ul>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Session<\/strong><\/h5>\n\n\n\n<p>Session controls can limit the experience<\/p>\n\n\n\n<h6 class=\"wp-block-heading\"><strong>Using app enforced restrictions<\/strong><\/h6>\n\n\n\n<ul class=\"wp-block-list\"><li>Firstly, it currently works with Exchange Online and SharePoint Online only.<\/li><li>Secondly, it passes device information for allowing control of experience granting full or limited access.<\/li><\/ul>\n\n\n\n<h6 class=\"wp-block-heading\"><strong>Using Conditional Access App Control<\/strong><\/h6>\n\n\n\n<ul class=\"wp-block-list\"><li>Firstly, using signals from Microsoft Cloud App Security to do things like:<\/li><\/ul>\n\n\n\n<ol class=\"wp-block-list\"><li>In this, blocking download, cut, copy, and print of sensitive documents.<\/li><li>Then, monitoring risky session behavior.<\/li><li>Lastly, requiring labeling of sensitive files.<\/li><\/ol>\n\n\n\n<h6 class=\"wp-block-heading\"><strong>Signing-in frequency<\/strong><\/h6>\n\n\n\n<ul class=\"wp-block-list\"><li>Skills to change the default sign in frequency for modern authentication.<\/li><\/ul>\n\n\n\n<h6 class=\"wp-block-heading\"><strong>Persistent browser session<\/strong><\/h6>\n\n\n\n<ul class=\"wp-block-list\"><li>Allowing users for remaining signed in after closing and reopening their browser window.<\/li><\/ul>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Simple policies<\/strong><\/h5>\n\n\n\n<p>A Conditional Access policy must have minimum the following to be enforced:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Firstly, the name of the policy.<\/li><li>Secondly, assignments<\/li><\/ul>\n\n\n\n<ol class=\"wp-block-list\"><li>It includes users and\/or groups to apply the policy to.<\/li><li>And, cloud apps or actions to apply the policy to.<\/li><\/ol>\n\n\n\n<ul class=\"wp-block-list\"><li>Thirdly, access controls<\/li><\/ul>\n\n\n\n<ol class=\"wp-block-list\"><li>This covers Grant or Block controls<\/li><\/ol>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><a href=\"https:\/\/www.testpreptraining.ai\/microsoft-azure-security-technologies-az-500-practice-exam\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" width=\"961\" height=\"150\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/AZ-500-online-course-6.png\" alt=\"Az-500 Online course\" class=\"wp-image-16403\" srcset=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/AZ-500-online-course-6.png 961w, https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/AZ-500-online-course-6-750x117.png 750w\" sizes=\"auto, (max-width: 961px) 100vw, 961px\" \/><\/a><\/figure><\/div>\n\n\n\n<p class=\"has-text-align-right\"><strong>Reference: <\/strong><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/conditional-access\/concept-conditional-access-policies\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Documentation<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.testpreptraining.ai\/tutorial\/exam-az-500-microsoft-azure-security-technologies\/\" target=\"_blank\" rel=\"noreferrer noopener\"><a href=\"https:\/\/www.testpreptraining.ai\/tutorial\/exam-az-500-microsoft-azure-security-technologies\/\" target=\"_blank\" rel=\"noreferrer noopener\">Go back to AZ-500 Tutorials<\/a><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Go back to AZ-500 Tutorials In this tutorial, we will learn and understand the Conditional Access policy, Assignments, and Access controls. However, a Conditional Access policy brings signals together for making decisions and enforcing organizational policies. Requirement for Conditional Access Policy Assignments The assignments portion is responsible for controlling the who, what, and where of&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[],"tags":[],"class_list":["post-16397","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Building a Conditional Access policy | Microsoft Azure AZ-500 Tutorials<\/title>\n<meta name=\"description\" content=\"Upgrade your skills by learning about building conditional access policy using Microsoft Azure AZ-500 online course and practice exam Now!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.testpreptraining.ai\/tutorial\/building-a-conditional-access-policy\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Building a Conditional Access policy | Microsoft Azure AZ-500 Tutorials\" \/>\n<meta property=\"og:description\" content=\"Upgrade your skills by learning about building conditional access policy using Microsoft Azure AZ-500 online course and practice exam Now!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/building-a-conditional-access-policy\/\" \/>\n<meta property=\"og:site_name\" content=\"Testprep Training Tutorials\" \/>\n<meta property=\"article:modified_time\" content=\"2020-08-26T10:35:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/az500-docs-9.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/building-a-conditional-access-policy\/\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/building-a-conditional-access-policy\/\",\"name\":\"Building a Conditional Access policy | Microsoft Azure AZ-500 Tutorials\",\"isPartOf\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\"},\"datePublished\":\"2020-08-12T06:38:31+00:00\",\"dateModified\":\"2020-08-26T10:35:24+00:00\",\"description\":\"Upgrade your skills by learning about building conditional access policy using Microsoft Azure AZ-500 online course and practice exam Now!\",\"breadcrumb\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/building-a-conditional-access-policy\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.testpreptraining.ai\/tutorial\/building-a-conditional-access-policy\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/building-a-conditional-access-policy\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Building a Conditional Access policy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"name\":\"Testprep Training Tutorials\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\",\"name\":\"Testprep Training\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"contentUrl\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"width\":583,\"height\":153,\"caption\":\"Testprep Training\"},\"image\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Building a Conditional Access policy | Microsoft Azure AZ-500 Tutorials","description":"Upgrade your skills by learning about building conditional access policy using Microsoft Azure AZ-500 online course and practice exam Now!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.testpreptraining.ai\/tutorial\/building-a-conditional-access-policy\/","og_locale":"en_US","og_type":"article","og_title":"Building a Conditional Access policy | Microsoft Azure AZ-500 Tutorials","og_description":"Upgrade your skills by learning about building conditional access policy using Microsoft Azure AZ-500 online course and practice exam Now!","og_url":"https:\/\/www.testpreptraining.ai\/tutorial\/building-a-conditional-access-policy\/","og_site_name":"Testprep Training Tutorials","article_modified_time":"2020-08-26T10:35:24+00:00","og_image":[{"url":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/az500-docs-9.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/building-a-conditional-access-policy\/","url":"https:\/\/www.testpreptraining.ai\/tutorial\/building-a-conditional-access-policy\/","name":"Building a Conditional Access policy | Microsoft Azure AZ-500 Tutorials","isPartOf":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website"},"datePublished":"2020-08-12T06:38:31+00:00","dateModified":"2020-08-26T10:35:24+00:00","description":"Upgrade your skills by learning about building conditional access policy using Microsoft Azure AZ-500 online course and practice exam Now!","breadcrumb":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/building-a-conditional-access-policy\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.testpreptraining.ai\/tutorial\/building-a-conditional-access-policy\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/building-a-conditional-access-policy\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.testpreptraining.ai\/tutorial\/"},{"@type":"ListItem","position":2,"name":"Building a Conditional Access policy"}]},{"@type":"WebSite","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","name":"Testprep Training Tutorials","description":"","publisher":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization","name":"Testprep Training","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/","url":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","contentUrl":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","width":583,"height":153,"caption":"Testprep Training"},"image":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/16397","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/comments?post=16397"}],"version-history":[{"count":3,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/16397\/revisions"}],"predecessor-version":[{"id":17878,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/16397\/revisions\/17878"}],"wp:attachment":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/media?parent=16397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/categories?post=16397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/tags?post=16397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}