Conditional Access Explained


Gina Montgomery

Recently, we have heard a lot of buzz from our customers around conditional access questions and requirements. We understand that securing access to company resources is vital to every organization. With the explosion of available cloud services and mobile devices, the way in which users access company resources has certainly changed. This requires a new approach to security.

Microsoft is investing in their conditional access platform framework and now has a few different solutions available through Azure Active Directory, Intune, and SCCM.

Azure Active Directory (AD) – Conditional access control capabilities in Azure Active Directory offer simple ways for companies to secure resources in the cloud and on-premises. Conditional access policies can be used to help protect against the risk of stolen and phished credentials by requiring multi-factor authentication, and to help keep company data safe by requiring an Intune-managed device before granting access to sensitive services.

Conditional Access with Azure AD Licensing Requirements

Azure Active Directory Conditional Access is a feature of Azure AD Premium. All users who access an application with a conditional access policy applied must have an Azure AD Premium license. Azure AD Premium may be purchased stand-alone or as part of the bundled Enterprise Mobility and Security Suite (formally EMS). Contact your local Connection representative for a quote or more information.

Intune – Intune allows you to restrict access to your company email and other Office 365 services with conditional access. Intune’s conditional access capabilities allow you to secure access to your company’s email and other Office 365 services by restricting access to devices that are compliant with the rules that you have configured.

Compliance policies can be configured within Intune to evaluate the compliance of the device based on your organization’s unique needs while conditional access policies restrict or allow access to a specific service. When a conditional access policy is used in combination with a compliance policy, an even stronger security posture can be created for users. In this scenario, only compliant devices will be allowed to access the services that have Conditional Access policies in place.

Conditional Access with Intune Licensing Requirements

Microsoft Intune may be purchased stand-alone or as part of the bundled Enterprise Mobility + Security Suite (formally EMS). Contact your local Connection representative for a quote or more information.

Popular Use Cases for Conditional Access

Use conditional access to manage access to the following services:

  • Microsoft Exchange On-premises
  • Microsoft Exchange Online
  • Exchange Online Dedicated
  • SharePoint Online
  • Skype for Business Online
  • Dynamics CRM Online

Using bundled Microsoft technology to enforce conditional access is also possible. Example: System Center Configuration Manager with Intune, Azure AD, and Exchange Online.

System Center Configuration Manager (SCCM) may be used in conjunction with Exchange Online and Microsoft Intune to create a conditional access scenario. This allows you to manage email access and protect email data on mobile devices that are BYOD or company-owned.

To get started with this scenario you will need to:

  • Create the compliance policies that define the rules and settings that a device must comply with in order to be considered compliant by conditional access policies.
  • Begin enforcing conditional access.
  • Optionally, configure the Exchange Server connector for Exchange Online. This connector is required for reporting purposes only. It is not required to enable conditional access.

In this scenario, different Microsoft technologies all play a role in the conditional access policy and execution:

  • Microsoft Intune: Manages compliance and conditional access policies that you configure for enrolled devices
  • Microsoft Azure Active Directory: Authenticates users against your services and checks device compliance status
  • Configuration Manager: Manages your users’ device enrollments and provides reporting
  • Exchange Online: Enforces or denies access to company email based on the device’s compliance status
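
An added example, not from the original post or from Microsoft: a Python check over conditional access policies exported as JSON, reporting whether Exchange Online and SharePoint Online are covered by an enforced policy that requires MFA or a compliant device. It assumes the export follows the Microsoft Graph conditionalAccessPolicy JSON shape; the sample policies, their names, and the excluded-user placeholder are constructed.

```python
import json

# App IDs as they appear in includeApplications for the two services checked here.
SERVICES = {
    "Exchange Online": "00000002-0000-0ff1-ce00-000000000000",
    "SharePoint Online": "00000003-0000-0ff1-ce00-000000000000",
}
STRONG = {"mfa", "compliantDevice", "block"}  # controls that actually gate access

# Constructed sample export, not real tenant data.
SAMPLE = json.loads("""[
 {"displayName": "EXO: MFA and compliant device", "state": "enabled",
  "conditions": {
    "users": {"includeUsers": ["All"], "excludeUsers": ["PLACEHOLDER-USER-ID"]},
    "applications": {"includeApplications": ["00000002-0000-0ff1-ce00-000000000000"]}},
  "grantControls": {"operator": "AND", "builtInControls": ["mfa", "compliantDevice"]}},
 {"displayName": "SPO: MFA pilot", "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "users": {"includeUsers": ["All"], "excludeUsers": []},
    "applications": {"includeApplications": ["00000003-0000-0ff1-ce00-000000000000"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}}
]""")

def covers(policy, app_id):
    """True if the policy's application condition includes app_id."""
    apps = policy["conditions"]["applications"]
    included = apps.get("includeApplications", [])
    excluded = apps.get("excludeApplications", [])
    return ("All" in included or app_id in included) and app_id not in excluded

def audit(policies, services=SERVICES):
    """Per service: is a strong policy enforced, and what weakens coverage?"""
    findings = {}
    for name, app_id in services.items():
        enforced, notes = False, []
        for p in (p for p in policies if covers(p, app_id)):
            controls = set((p.get("grantControls") or {}).get("builtInControls", []))
            if not controls & STRONG:
                notes.append(f"{p['displayName']}: no MFA or compliance control")
            elif p["state"] != "enabled":
                notes.append(f"{p['displayName']}: not enforced ({p['state']})")
            else:
                enforced = True
                skipped = p["conditions"]["users"].get("excludeUsers", [])
                if skipped:
                    notes.append(f"{p['displayName']}: {len(skipped)} excluded user(s)")
        findings[name] = {"enforced": enforced, "notes": notes}
    return findings

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

The check counts only explicit app IDs and "All" as coverage; application groups are not expanded.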

About Connection’s Microsoft Cloud Services

Connection, a Microsoft Cloud Productivity Gold Partner, offers a full portfolio of services around Microsoft’s Enterprise Mobility + Security Suite (EMS) to help your organization get up and running. Microsoft’s EMS helps keep your employees productive on their favorite apps and devices while keeping your company data protected. Contact an Account Manager for information on:

  • Discovery Sessions (Demonstrations and Discussions)
  • Deployment Planning Services (Microsoft Software Assurance Benefits – DPS)
  • Planning Engagements
  • POCs
  • Deployment Services
  • Azure AD Premium
  • Intune
  • Azure Information Protection (ARM)
  • Advanced Threat Analytics

Gina Montgomery

Gina Montgomery (MCSA, MCTS, MCP, V-TSP) blends thought leadership with new growth initiatives and plays a critical role in identifying and analyzing business development opportunities that build solutions and drive Microsoft Cloud Services opportunities for Connection. Along with driving value-creating insights, making recommendations and bundling solutions across Microsoft technologies, she oversees Connection's Microsoft Cloud Services Practice and consults in the Microsoft Productivity & Collaboration space. Gina's background as a SharePoint and Cloud evangelist coupled with her seasoned speaker experience at technology conferences all over the country make her a trusted leader and adviser for architecting SharePoint, Office 365 and Azure solutions as well as Enterprise Mobility and Security Strategies. As she continues to plan and implement successful cloud offerings and business solutions that maximize an organization’s IT investment, Montgomery also directs her focus on new strategic Cloud initiatives for Connection’s sales team to bring to market. In her free time, she enjoys spending time with her family as an avid football mom, “wannabe” golfer, and hunter of seashells.