Category Archives: Conditional Access

Conditional Access, Microsoft 365, Microsoft Endpoint Manager

HowTo: Ensure your end user are prompted for MFA when enrolling Windows 10 devices. Conditional Access to the rescue

December 10, 2020 Author Leave a comment

Sometimes you may come across special cases where either your customer or your own organisation might need to implement a solution which increases your security footprint. This post is no different and inspired from the MS-100 exam which I have recently taken and passed.

During the lab question I was asked how you would implement MFA for end user who want to enroll Windows 10 devices. So lets get to it…

Launch http://endpoint.microsoft.com and select Device + Conditional Access

Select New Policy

Provide your policy a “Name”
Select the user(s) or group(s) you want to apply the policy to
Click Cloud apps and actions – Click Select Apps and search then select Microsoft Intune Enrollment.

Under Grant – Select Require multi-factor authentication

Select on to enable the policy

Heres the process I had to go through to join a Windows 10 device to my tenant with MFA.

In the below screenshot is a configuration setting I have in my tenant for defining if devices are Corporate or Personally owned

All my corporate apps are now available for install.

Regards
The Author – Blogabout.Cloud

Azure, Conditional Access

Preventing unauthorized external access from home to your Microsoft Cloud applications with Conditional Access

December 13, 2019 Author Leave a comment

Did you know that you could prevent unauthorized access to your Microsoft Cloud applications with Conditional Access? When speaking with a customer recently I had been asked is it possible to prevent external access to their Cloud apps and the answer to that is yes. The customer didn’t want their staff accessing corporate data from their home laptops/desktops so in order to action this we will now switch over to the Microsoft Endpoint Manager Admin Portal.

https://devicemanagement.microsoft.com

Click Endpoint security –> Conditional access

Provide name to the Conditional Access Policy

Excluding the Global Admins to the tenant security group, we dont want to chop off our legs now

Now enable the policy 🙂 and as you can see from below you users is now prevented from login into the Office portal from an internet browser.

Regards
The Author – Blogabout.Cloud

Conditional Access, InTune

Windows Information Protection with Enrollment

October 4, 2019 Author 1 Comment

After a bit of recent investigate App Protection policies I have noticed a large chunk of information missing from Microsoft resources and other blog posts. I have recently experienced an issue where network boundaries were not configured correctly and I had to ensure that all applications that were being protected do not experience any issues access corporate resources.

It is recommended to use the following when adding a network boundary.

Type	Name	Value
Cloud Resources	Office 365	portal.office.com\|tasks.office.com\|protection.office.com\|meet.lync.com\|teams.microsoft.com
Cloud Resources	Outlook Online	outlook.office.com\|outlook.office365.com
Cloud Resources	AppCompat	/AppCompat/
Cloud Resources	SharePoint	contoso.sharepoint.com\|contoso-my.sharepoint.com\|contoso-files.sharepoint.com
Neutral Resources	Neutral	login.windows.net,login.microsoftonline.com
Cloud Resources	Yammer	www.yammer.com\|yammer.com\|persona.yammer.com

Intune App Protection – Advanced settings

This will provide all the required boundaries relevant to most Microsoft deployments.

Regards
The Author – Blogabout.Cloud

Cloud App Security, Conditional Access

Enabling Conditional Access App Control for featured apps

September 18, 2019 Author Leave a comment

Cloud App Security offers the ability to leverage Conditional Access for Exchange Online and SharePoint Online but how do we configure this functionality?

Let’s start with your Azure Portal and browse to Conditional Access –> New Policy

So as I previously mentioned this control only works for Exchange Online and SharePoint Online so you will need to select;

– Office 365 Exchange Online
– Office 365 SharePoint Online

Under Session, you need to select Conditional Access App Control and as you can see below we only have 3 options

– Monitor only (Preview)
– Block downloads (Preview)
– Use custom policy…

For the purpose of this post, I am going to just Monitor what happening their Cloud App Security to discover what’s happening within my tenancy.

Once the policy is enabled, sign into Exchange Online or SharePoint Online and you will be welcome by the below message. This demonstrates that Conditional Access App Control is now in place.