Azure Active Directory Adds Conditional Access Support for Premises-Based Apps

Microsoft indicated today that its Azure Active Directory "Conditional Access" scheme for controlling user access to corporate apps now works with some premises-based apps.

The Conditional Access feature had its debut as a preview release in January. However, Microsoft described it back then as only being able to address "federated SaaS apps," such as Concur, or Google Apps for Work applications. Now it's possible to use the Conditional Access feature to control "supported on-premises apps." Currently, those supported premises-based apps include "SharePoint, Outlook Web Access and IIS based apps," according to Microsoft's announcement.

Conditional Access rules also can be set for custom line-of-business apps if those apps have been registered with Azure AD, according to the announcement.

The Conditional Access feature lets organizations set up multifactor authentication challenges for users trying to access specific applications. By "multifactor authentication," Microsoft means that end users will have to provide a secondary form of authentication besides entering a password to gain access. Typically, the user receives this secondary challenge via a phone call or a text message that gets automatically sent to a device.

Microsoft's Conditional Access feature is still at the preview stage right now, so it's not ready for use in production environments. In addition, when the feature does become enterprise ready, it will require having a subscription to the Azure AD Premium service.

Microsoft bundles its Azure AD Premium service into its Enterprise Mobility Suite licensing, and it's also available via a Microsoft Enterprise Agreement contract (which requires 250 or more users or devices to qualify). The Premium offering is also sold through Office 365 subscriptions.

Another stipulation for using the Conditional Access feature with premises-based apps is that it requires those apps to use the Azure AD Application Proxy service. Azure AD Application Proxy is reverse-proxy middleware that's used to authenticate access to Web apps or services. Using it also requires having Azure AD Premium licensing.

While the Conditional Access feature is still at the preview stage right now, meaning that it's just available for testing purposes, Microsoft released its Azure AD Application Proxy service as a "general availability" finalized product back in December.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

