Azure Active Directory Adds Conditional Access Support for Premises-Based Apps

Microsoft indicated today that its Azure Active Directory "Conditional Access" scheme for controlling user access to corporate apps now works with some premises-based apps.

The Conditional Access feature had its debut as a preview release in January. However, Microsoft described it back then as only being able to address "federated SaaS apps," such as Concur, or Google Apps for Work applications. Now it's possible to use the Conditional Access feature to control "supported on-premises apps." Currently, those supported premises-based apps include "SharePoint, Outlook Web Access and IIS based apps," according to Microsoft's announcement.

Conditional Access rules also can be set for custom line-of-business apps if those apps have been registered with Azure AD, according to the announcement.

The Conditional Access feature lets organizations set up multifactor authentication challenges for users trying to access specific applications. By "multifactor authentication," Microsoft means that end users will have to provide a secondary form of authentication besides entering a password to gain access. Typically, the user receives this secondary challenge via a phone call or a text message that gets automatically sent to a device.

Microsoft's Conditional Access feature is still at the preview stage right now, so it's not ready for use in production environments. In addition, when the feature does become enterprise ready, it will require having a subscription to the Azure AD Premium service.

Microsoft bundles its Azure AD Premium service into its Enterprise Mobility Suite licensing. It's also available via a Microsoft Enterprise Agreement contract (which requires 250 or more users or devices to qualify). The Premium offering is also sold through Office 365 subscriptions.

Another stipulation for using the Conditional Access feature with premises-based apps is that it requires those apps to use the Azure AD Application Proxy service. Azure AD Application Proxy is reverse-proxy middleware that's used to authenticate access to Web apps or services. Using it also requires having Azure AD Premium licensing.

While the Conditional Access feature is still at the preview stage right now, meaning that it's just available for testing purposes, Microsoft released its Azure AD Application Proxy service as a "general availability" finalized product back in December.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

