Azure Active Directory Adds Conditional Access Support for Premises-Based Apps

Microsoft indicated today that its Azure Active Directory "Conditional Access" scheme for controlling user access to corporate apps now works with some premises-based apps.

The Conditional Access feature had its debut as a preview release in January. However, Microsoft described it back then as only being able to address "federated SaaS apps," such as Concur, or Google Apps for Work applications. Now it's possible to use the Conditional Access feature to control "supported on-premises apps." Currently, those supported premises-based apps include "SharePoint, Outlook Web Access and IIS based apps," according to Microsoft's announcement.

Conditional Access rules also can be set for custom line-of-business apps if those apps have been registered with Azure AD, according to the announcement.

The Conditional Access feature lets organizations set up multifactor authentication challenges for users trying to access specific applications. By "multifactor authentication," Microsoft means that end users will have to provide a secondary form of authentication besides entering a password to gain access. Typically, the user receives this secondary challenge via a phone call or a text message that gets automatically sent to a device.

Microsoft's Conditional Access feature is still at the preview stage right now, so it's not ready for use in production environments. In addition, when the feature does become enterprise ready, it will require having a subscription to the Azure AD Premium service.

Microsoft bundles its Azure AD Premium service into its Enterprise Mobility Suite licensing. It's also available via a Microsoft Enterprise Agreement contract (which requires 250 or more users or devices to qualify). The Premium offering is also sold through Office 365 subscriptions.

Another stipulation for using the Conditional Access feature with premises-based apps is that it requires those apps to use the Azure AD Application Proxy service. Azure AD Application Proxy is reverse-proxy middleware that's used to authenticate access to Web apps or services. Using it also requires having Azure AD Premium licensing.

While the Conditional Access feature is still at the preview stage right now, meaning that it's just available for testing purposes, Microsoft released its Azure AD Application Proxy service as a "general availability" finalized product back in December.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

