
Microsoft Generally Releases Azure AD Conditional Access Policies

Azure AD conditional access is available on Windows, Android, and iOS, and gives admins the power to manage restrictions on corporate devices.


Microsoft's Conditional Access for Azure AD first surfaced in July. Since then, a preview has come to iOS, Android, and Windows, and it's now generally available on those devices.

Azure AD Conditional Access essentially gives admins a lot more control. They can deny user logins based on MFA, device health, location, and detected risk. This makes it easier to keep corporate and user data safe.

Conditional Access Features and Applications

According to Alex Simmons, Director of Program Management at Microsoft, CA covers every application that authenticates with Azure AD.

You can expect it to work with the following applications:

  • Azure and Microsoft CRM
  • Every app in the gallery, including: ServiceNow, Salesforce.com, Concur
  • On-premises apps published via the Azure AD Application proxy
  • LOB apps registered with Azure AD

Enrolling devices in the policies varies depending on the OS. Windows domain joined devices register automatically. However, iOS and Android devices register when enrolled into Microsoft Intune.

According to a previous blog post by Simmons, policies make use of the following requirements:

“Domain joined devices: You can set a policy to restrict access to devices that are joined to an on-premises Active Directory domain and are also registered with Azure AD. This policy applies to Windows desktops, laptops or enterprise tablets that belong to an on-premises Active Directory domain which have registered with Azure AD.

Compliant devices: You can set a policy to restrict access to devices that are marked compliant in the directory by the management system. This policy ensures that only devices that meet security policies such as enforcing file encryption on a device are allowed access.”

Microsoft is currently working on adding the Azure management portal and Office 365 portal to the service. The work is ongoing and “shouldn't take too long to complete.”

Users can start with CA today by going to the configure tab in the Azure Management Portal. There you'll see a “device based access rules” toggle.


Ryan Maskell