Azure AD Services Microsoft Official

Azure AD Conditional Access per app MFA and Network Location policies have been moved to general availability (GA). Microsoft made the announcement yesterday. The company says demand for the service has already been high and consumers can now take advantage of the full release.

Customers using Azure AD Conditional Access have more admin control. The policy evaluation works on MFA, device health, location, and detected risk. Microsoft adds that some of its customer partners are already using the service:

“Of note, quite a few customers of the customers we’ve been working directly with in public preview are already using these policies in the production environment and getting a ton of value from them. The Conditional Access policy engine is built to allow admins maintain control in a cloud-first, mobile-first world. Conditional Access policy evaluation can be based on device health, MFA, location and detected risk.”

Conditional-Access-Azure-AD-Microsoft-Official

It supports the following policies set per-application:

Always require MFA, Require MFA when not at work, Block access when not at work.

Conditional Access for Corporate Networks

Using the MFA and Network Location policies, admins can create Conditional Access policies for SharePoint. This is important because it means users will need to be part of the corporate network to access the service. Getting into SharePoint from outside a network will result in authentication failure and the device being blocked.

With corporate network access, users can get to SharePoint from any device.

“Over the last few months, we’ve been working closely with our early adopter customers and Microsoft’s own IT department to help them deploy Conditional Access in production. We’ve received a ton of positive feedback from them on how the extra security provided by these policies gave them the confidence to accelerate their adoption of cloud services.”

Conditional Access is functional across browser apps, rich client apps, phone apps, and on premises apps. Microsoft says the feature is available on services such as Office 365 Exchange and SharePoint, Dynamics CRM, and Yammer.