Author : MD TAREQ HASSAN | Updated : 2020/11/13
What is conditional access?
- Conditional Access is the tool used by Azure Active Directory to bring signals together, to make decisions, and enforce organizational policies
- Conditional Access policies at their simplest are if-then statements: if a user wants to access a resource, then they must complete an action
- Details: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/
Usage scenarios
- Only a particular Azure AD group should have access to the web app
- Allow only a group of users, for demonstration purposes before going live
- etc.
Prerequisites of applying conditional access
- Azure AD Premium license
- Create Azure AD user
- Create Azure AD group
- App registration (WebApp needs to be registered)
Apply conditional access
- Go to Azure AD: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview
- Enterprise applications > Select target application
- Security > Conditional access > ‘+ New Policy’
- Give a name, e.g. SecurityGroupOnlyAccess
- Access control > Grant: Block access
- Assignments > Users and groups
- Include: All users
- Exclude: target user group, e.g. Security group
- Create
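The policy built by the steps above, written as the request body that Microsoft Graph accepts at POST /identity/conditionalAccess/policies, with a pre-enable check. This is an added example, not code from the original page. The two IDs are constructed placeholders, `lint` and `is_blocked` are hypothetical helpers, and the report-only default state is this example's assumption.

```python
import json

# Constructed placeholder IDs: substitute the registered web app's client ID
# and the allowed security group's object ID from your own tenant.
APP_ID = "00000000-0000-0000-0000-0000000000aa"
GROUP_ID = "00000000-0000-0000-0000-0000000000bb"

def build_policy(app_id, group_id, name="SecurityGroupOnlyAccess",
                 state="enabledForReportingButNotEnabled"):
    """Body for POST /identity/conditionalAccess/policies (Microsoft Graph).
    The report-only default state is this example's choice, not the page's."""
    return {
        "displayName": name,
        "state": state,
        "conditions": {
            "clientAppTypes": ["all"],
            "applications": {"includeApplications": [app_id]},
            "users": {"includeUsers": ["All"], "excludeGroups": [group_id]},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }

def lint(policy):
    """Problems that make a block-everyone-except-group policy unsafe to enable."""
    cond, problems = policy["conditions"], []
    if policy["grantControls"]["builtInControls"] != ["block"]:
        problems.append("grant control is not 'block'")
    if "All" in cond["applications"]["includeApplications"]:
        problems.append("scoped to all apps: would block sign-in to every app")
    if not cond["users"].get("excludeGroups"):
        problems.append("no excluded group: every user would be blocked")
    return problems

def is_blocked(policy, app_id, user_group_ids):
    """Simplified model of evaluation: an exclusion overrides 'All' inclusion."""
    cond = policy["conditions"]
    if app_id not in cond["applications"]["includeApplications"]:
        return False  # policy does not apply to this app
    excluded = set(cond["users"].get("excludeGroups", []))
    return not (excluded & set(user_group_ids))

if __name__ == "__main__":
    policy = build_policy(APP_ID, GROUP_ID)
    print(json.dumps(policy, indent=2))
    print("lint:", lint(policy) or "ok")
```

Passing `state="enabled"` to `build_policy` produces the enforced form of the same policy.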