Azure AD Conditional Access for Office 365 (Exchange and SharePoint Online) Preview Release

Yesterday Microsoft announced one of the most awaited features for Office 365, the “Azure AD Conditional Access Preview” for SharePoint Online and Exchange Online.

What is Conditional Access and what is it for?

Security has been a key element of systems for decades, but today it needs to be far more comprehensive than ever before because of the evolution of the cloud and mobile era. With the growing number of devices a single person uses and the ability to access corporate resources from anywhere in the world, there is a massive demand for securing corporate resources. Ultimately the latest strategies for securing corporate resources are shaped by the new ways in which users access them.

Microsoft has taken another big leap in security capabilities with this release. Azure Active Directory Conditional Access allows you to secure and manage your corporate resources in simple ways, in the cloud or even on-premises. If you want to ensure that a stolen user credential or an unmanaged device will not harm your corporate resources, Azure AD Conditional Access is made for you.


How is access enforced?

Generally, when a user signs in to a service, Azure Active Directory checks whether the security inputs of that sign-in (who the user is, which groups they belong to, from where and from which device they connect) meet the access requirements you defined, and if the requirements are met, the user is authorized to access the service or application.

The enforcement can be done in two ways. You can define policies that control access based on users, on devices, or on both.

  • User based Access (Control who you want to allow access)

User Attributes – Policies can be defined at the user-attribute level to control which users can access the organization’s resources.

Group Membership of a User – Access can also be based on the group or groups the user is a member of.

Multifactor Authentication (MFA) – Multifactor authentication can be configured to ensure better security. The user has to provide a second factor beyond the password, which could be a PIN or a phone-based verification. That adds an extra level of security for your organization’s resources.

Sign-in and User Risk – This capability, known as “Conditional Access Risk Policies”, comes with Azure AD Identity Protection. It allows you to track unusual sign-in activities and risk events based on access trends and to apply advanced protection. Global and multi-region companies will benefit a lot from this capability.

  • Device Based Access (Control what you want to allow access)

Enrolled Devices – Using Microsoft Intune, you can use device-level access to control access so that only MDM (Mobile Device Management) enrolled devices are allowed to reach resources. Intune can validate whether the device is enrolled with MDM. Device-level access also ensures that only devices matching the policies you have configured (such as forced file encryption on a granted device) are allowed access. You can even wipe the content of a stolen or misused device remotely using MDM solutions.

The best part is that it’s not just limited to the cloud: you can also use device-based access policies to control your on-premises resources, or even cloud-based SaaS or line-of-business applications.

What does this preview bring you?

This release is a much awaited capability for most organizations and a huge step for the Access Policy framework. Conditional Access for CRM and Yammer has already been available, but for SharePoint and Exchange specifically the demand has been there for quite a long time.

These three policies are released for SharePoint Online and Exchange Online as a preview. Microsoft recommends enabling them alongside the risk-based conditional access policy available with Azure Identity Protection.

  • Always require MFA
  • Require MFA when not at work
  • Block access when not at work
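As an added illustration (not code from the post or from Microsoft), here is a small Python model of the decision Azure AD makes at sign-in: a sign-in context carrying the user, group, location and device inputs described above is checked against policies, and the three preview policies are expressed as constructed configurations. The SignIn and Policy classes, their field names and the "Contractors" group are assumptions made for the example; the real feature is configured in the Azure portal, not through code like this.

```python
from dataclasses import dataclass, field

@dataclass
class SignIn:
    """Constructed sign-in context: the security inputs checked at sign-in."""
    user: str
    groups: set = field(default_factory=set)
    app: str = "SharePoint Online"
    at_work: bool = True            # request comes from a trusted corporate network
    mfa_done: bool = False          # second factor already satisfied in this session
    device_enrolled: bool = False   # MDM-enrolled in Intune
    device_compliant: bool = False  # meets the configured device policies

@dataclass
class Policy:
    """Who it applies to (apps, groups), when it applies, and what it requires."""
    name: str
    apps: set
    groups: set = field(default_factory=set)  # empty set means all users
    only_when_not_at_work: bool = False
    require_mfa: bool = False
    require_compliant_device: bool = False
    block: bool = False

def applies(p: Policy, s: SignIn) -> bool:
    if s.app not in p.apps:
        return False
    if p.groups and not (p.groups & s.groups):
        return False
    return not (p.only_when_not_at_work and s.at_work)

def evaluate(policies, s: SignIn) -> str:
    """Return 'allow', 'require_mfa' or 'block'; a block always wins."""
    decision = "allow"
    for p in policies:
        if not applies(p, s):
            continue
        if p.block:
            return "block"
        if p.require_compliant_device and not (s.device_enrolled and s.device_compliant):
            return "block"  # an unmanaged device cannot satisfy the control
        if p.require_mfa and not s.mfa_done:
            decision = "require_mfa"
    return decision

# The three preview policies from the post, plus a device policy, as constructed configurations.
O365 = {"Exchange Online", "SharePoint Online"}
ALWAYS_MFA = Policy("Always require MFA", O365, require_mfa=True)
MFA_OFFSITE = Policy("Require MFA when not at work", O365, only_when_not_at_work=True, require_mfa=True)
BLOCK_OFFSITE = Policy("Block access when not at work", O365, groups={"Contractors"}, only_when_not_at_work=True, block=True)
MANAGED_ONLY = Policy("Require compliant device", O365, require_compliant_device=True)
```

Note that a policy scoped to a group never touches users outside it, so the "block when not at work" policy here only affects the constructed Contractors group while everyone else falls through to the MFA policy.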

Conditional Access policies are supported for browser-based access to Exchange Online, SharePoint sites and OneDrive, and even for desktop applications that use modern authentication mechanisms.

These are the desktop and mobile applications connecting to Exchange and SharePoint that Microsoft has tested so far:

For Windows 10, Windows 10 Mobile, Windows 8.1, Windows 7 and Mac

  • Outlook, Word, Excel and PowerPoint in Office 2016
  • Outlook, Word, Excel and PowerPoint in Office 2013 (with modern authentication enabled)
  • OneDrive Sync Client (with modern authentication)

For iOS

  • Outlook Mobile App

Resources:

Detailed Explanation of Azure AD Conditional Access

Conditional Access Policy Support for Mobile Devices

Original Announcement

SharePoint 2016 Beta Exam is out

If you are an IT professional who has dealt with SharePoint in your day-to-day work for more than 4 years, this is a good chance to try the Managing SharePoint 2016 exam for free. The exam code is 70-339, Managing Microsoft SharePoint Server 2016. If you have more than 4 years of experience with the SharePoint product portfolio and dependent products such as Windows Server, SQL Server, IIS and network infrastructure, you are ideal for this opportunity.

Microsoft has opened 350 beta seats on a first-come, first-served basis. You can register with the voucher code given below, and it is only valid through 11th July 2016, meaning you have to register and take the exam before that date.

The big idea behind the beta program is to collect feedback from the community about the exam content and elements.

To obtain the free exam, enter the beta code (BETA339MCP) at the checkout section. For some countries, such as India, China, Turkey, Pakistan and Vietnam, this exam will not be free.

Sources:

Born to Learn Blog

Preparation Guide 

How to prepare for a beta exam without materials