Azure Active Directory Adds Conditional Access Support for Premises-Based Apps
Microsoft indicated today that its Azure Active Directory "Conditional Access" scheme for controlling user access to corporate apps now works with some premises-based apps.
The Conditional Access feature had its debut as a preview release in January. However, Microsoft described it back then as only being able to address "federated SaaS apps," such as Concur, Salesforce.com or Google Apps for Work applications. Now it's possible to use the Conditional Access feature to control "supported on-premises apps." Currently, those supported premises-based apps include "SharePoint, Outlook Web Access and IIS based apps," according to Microsoft's announcement.
Conditional Access rules also can be set for custom line-of-business apps if those apps have been registered with Azure AD, according to the announcement.
The Conditional Access feature lets organizations set up multifactor authentication challenges for users trying to access specific applications. By "multifactor authentication," Microsoft means that end users will have to provide a secondary form of authentication besides entering a password to gain access. Typically, the user receives this secondary challenge via a phone call or a text message that gets automatically sent to a device.
Microsoft's Conditional Access feature is still at the preview stage right now, so it's not ready for use in production environments. In addition, when the feature does become enterprise ready, it will require having a subscription to the Azure AD Premium service.
Microsoft bundles its Azure AD Premium service into its Enterprise Mobility Suite licensing, and it's also available via a Microsoft Enterprise Agreement contract (which requires 250 or more users or devices to qualify). The Premium offering is also sold through Office 365 subscriptions.
Another stipulation for using the Conditional Access feature with premises-based apps is that it requires those apps to use the Azure AD Application Proxy service. Azure AD Application Proxy is reverse-proxy middleware that's used to authenticate access to Web apps or services. Using it also requires having Azure AD Premium licensing.
While the Conditional Access feature is still at the preview stage right now, meaning that it's just available for testing purposes, Microsoft released its Azure AD Application Proxy service as a "general availability" finalized product back in December.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.