Azure Active Directory Conditional Access Service Now Available

Microsoft this week announced that its Azure Active Directory conditional access service for applications has reached "general availability" status.

In essence, Microsoft is signaling that the ability to set up multifactor authentication challenges to users of various Azure AD-managed applications is now ready for commercial use in production environments. This capability was at the preview stage last month for Exchange Online and SharePoint Online users. A multifactor challenge is a secondary identity challenge beyond a password, such as a response to an instant message or automated phone call.

Applications or services that use so-called "modern authentication" can work with this multifactor authentication security-challenge scheme. By modern authentication, Microsoft means that the application or service is capable of using the Active Directory Authentication Library to support user sign-ins. Microsoft maintains a list of those applications in this article.

Examples of applications and services that are supported using the new Azure AD conditional access approach include some Office 365 services (Exchange, SharePoint and Yammer) and Dynamics CRM. Federated and single sign-on apps in the Azure AD application gallery also are supported. Premises-based apps are supported if they are managed using Azure AD or the Azure Application Proxy service.

IT pros can set policies using Azure AD conditional access. Those policies "can be based on device health, MFA, location and detected risk," according to Microsoft's announcement. Various actions can be enforced. Organizations have the option to compel multifactor authentication before granting application access. Alternatively, they can set conditions, such as requiring multifactor authentication only when at work. It's also possible to block access when the user isn't at work.

To use Azure AD conditional access, Microsoft is requiring the purchase of Azure AD Premium subscriptions with per-user licensing. If a user tries to use Azure AD conditional access but isn't licensed to use it, Microsoft reports that information in an "unlicensed usage report."

Microsoft also recently published a new "getting started" document for organizations.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

