How to analyze Conditional Access Policies with ‘Report Only’ Mode?

Conditional Access Polices can be setup in 3 main modes. On/ Off/ Report Only.

On and Off modes are self explanatory where “Report Only” mode needs additional work. This post will go in detail on how to use the Report Only mode before you actually switch to ON.

Continue reading “How to analyze Conditional Access Policies with ‘Report Only’ Mode?”

Why Azure AD Continues Access Evaluation is Important?

Continues Access Evaluation or CAE is still in preview, but it has proven to refresh the near-real time refresh for Conditional Access Policies.

Ideally this is a very helpful feature in the world of Identity and Access Management, because there are frequent attacks happening and the IdAM Admins need to take action quickly.

Some actions including Reset user password, adding or removing Trusted IPs and specially when the user is moving from location to location and when the Conditional Access policies to govern the trusted locations.

Usually the token expiration and refresh interval is 1 hour and ideally when a client application that is Modern Authentication aware tries to connect, the API requests are authorized using OAuth 2.0 access tokens.

Every hour, when they are due to refresh, it reevaluates the user state, policies in order to enforce what’s in the policy.

The client app redirects back to the Azure AD to refresh the token and according to the user state, the new token will make sure whether the user access to be blocked or to be allowed.

Continue reading “Why Azure AD Continues Access Evaluation is Important?”

Automate Cross Tenant Resource Access With Azure AD Entitlement Management

With the Azure AD Identity Governance feature “Entitle Management” it is easier to automate the access requests, set expiry dates, justify why a user needs access and get the load out of the IT admins.

Azure B2B collaboration is a hot topic these days and the end result should be stresses access from the end user’s end, however security is a concern and who gets the right access is a consideration.

The feature I’m testing today is not specifically related to internal users, but it will be helpful in managing Guest User access to resources.

Continue reading “Automate Cross Tenant Resource Access With Azure AD Entitlement Management”