From the course: Microsoft Security Essentials: Concepts, Solutions, and AI-Powered Protection
Microsoft Entra Conditional Access - Microsoft Security Copilot Tutorial
Microsoft Entra Conditional Access
- [Instructor] Conditional Access in Microsoft Entra ID helps you effectively manage resource access to meet your business and security needs. For example, you can use Conditional Access in these scenarios: require MFA for all users, require password changes for high-risk users, block access to an app from unsupported device platforms. Microsoft Entra Conditional Access provides three key functions: analyzing signals from various sources, making decisions on resource access, and enforcing organizational policies.

Here's a diagram from Microsoft, which describes the process of Conditional Access. First, it collects all kinds of signals, such as identities, risk, devices, applications, location, and the network. Then it evaluates access attempts to decide whether to allow, block, restrict access, or require additional actions, such as requiring MFA. Finally, it enforces the access decision to apps and the resources.

To use Conditional Access, you need to create policies. In a nutshell, policies are like if/then statements. If a condition is met, then make a decision. A Conditional Access policy has two parts, assignments and access controls. Within the Assignments section, you can specify users, groups, or service principals who are included or excluded from this policy; target resources this policy applies to, such as applications, services, user actions, and the global secure access; network and the location where the user is signing in; and the conditions that define when this policy will apply. As you can see, the Assignments section defines who the policy affects, what resources it applies to, where access happens, and why it should be enforced.

Within the Access Control section, you can define how the policy is enforced, including blocking access to target resources, granting access with options to apply one or more controls, for example, requiring multifactor authentication, and enabling session control for a limited experience with a cloud app, like asking a user to sign in again after an hour of log-in.

Now let's look at Conditional Access in the Microsoft Entra admin center. Click Policies. Let's select a policy, for example, require MFA to access Azure DevOps. Under Assignments for Users, this policy includes all users. For target resources, it selects the app Azure DevOps. For network, this policy includes any network or location. Under Conditions, it checks the signals of user risk. When a user risk level is high or medium, the policy will be enforced. Under Access controls, this policy grants access, but it requires multifactor authentication. For Session control, it asks a user to sign in again after being logged in for over an hour.
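The policy walked through in the transcript, modelled as an added example that is not part of the course material and not Microsoft's evaluation logic. Field names follow the Microsoft Graph `conditionalAccessPolicy` resource; the app IDs are placeholders, and the evaluator functions and sign-in records are constructed for illustration.

```python
# Added illustration: a simplified model, not Microsoft's evaluation engine.
# Field names follow the Microsoft Graph conditionalAccessPolicy resource;
# the app IDs are placeholders and the sign-in records are constructed.
AZURE_DEVOPS = "<azure-devops-app-id>"

POLICY = {
    "displayName": "Require MFA to access Azure DevOps",
    "state": "enabled",
    "conditions": {
        "users": {"includeUsers": ["All"], "excludeUsers": []},
        "applications": {"includeApplications": [AZURE_DEVOPS]},
        "locations": {"includeLocations": ["All"]},
        "userRiskLevels": ["high", "medium"],
    },
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    "sessionControls": {"signInFrequency": {"value": 1, "type": "hours"}},
}


def _matches(values, item):
    return "All" in values or item in values


def applies(policy, signin):
    """The 'if' half: every assignment and condition must match."""
    c = policy["conditions"]
    if policy["state"] != "enabled":
        return False
    if signin["user"] in c["users"]["excludeUsers"]:
        return False  # exclusions win over inclusions
    return (_matches(c["users"]["includeUsers"], signin["user"])
            and _matches(c["applications"]["includeApplications"], signin["app"])
            and _matches(c["locations"]["includeLocations"], signin["location"])
            and signin["user_risk"] in c["userRiskLevels"])


def evaluate(policy, signin):
    """The 'then' half: return the controls the sign-in must satisfy."""
    if not applies(policy, signin):
        return {"policy_applies": False, "required": [], "reauth_hours": None}
    grant = policy["grantControls"]["builtInControls"]
    if "block" in grant:
        return {"policy_applies": True, "required": ["block"], "reauth_hours": None}
    freq = policy["sessionControls"]["signInFrequency"]
    return {"policy_applies": True, "required": list(grant), "reauth_hours": freq["value"]}


# Constructed sign-ins: risky user to Azure DevOps, low-risk user, other app.
RISKY = {"user": "alice", "app": AZURE_DEVOPS, "location": "office", "user_risk": "high"}
LOW = {"user": "bob", "app": AZURE_DEVOPS, "location": "home", "user_risk": "low"}
OTHER = {"user": "alice", "app": "<other-app-id>", "location": "office", "user_risk": "high"}
```

Running `evaluate(POLICY, LOW)` shows that a policy conditioned on medium or high user risk places no MFA requirement on a low-risk sign-in, so baseline MFA for everyone needs a separate policy without the risk condition.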