Pro User
Timespan
explore our new search
First Look: Microsoft Entras Automatic Conditional Access Policies
Microsoft Entra
Nov 8, 2023 2:30 AM

First Look: Microsoft Entras Automatic Conditional Access Policies

by HubSite 365 about Peter Rising [MVP]

Microsoft MVP | Author | Speaker | YouTuber

AdministratorMicrosoft EntraM365 AdminLearning Selection

Explore Microsoft Entra’s Automatic Conditional Access policies! Enhance safety with multifactor authentication for admin access and risky sign-ins.

An Overview of Automatic Conditional Access Policies in Microsoft Entra

On the 6th of November, Microsoft launched Automatic Conditional Access policies within its software solution, Microsoft Entra. The video by Peter Rising [MVP] explores this pivotal announcement and demonstratively walks you through its implications. To enhance understanding, it provides a guide on what to anticipate with this innovation.

 

 

In an era where digital threats have eroded technological trust, these fresh cyber defenses couldn't have come at a better time. Microsoft relentlessly pursues cyber resilience, with over 10,000 committed security analysts analyzing more than 65 trillion signals daily. Their significant insights broadly shape the cybersecurity landscape.

As an integral part of this mission, Microsoft unveils its Microsoft-managed policies, accessible to Microsoft Entra tenants globally. These Conditional Access policies enforce multifactor authentication, effectively curbing compromise risks by an impressive 99.22%, according to a recent study.

At inception, Microsoft rolled out three principal policies, offering to improve organizational security. These include: Multifactor authentication for admins accessing Microsoft Admin Portals and per-user multifactor authentication users, and Multifactor authentication and reauthentication for risky sign-ins.

Administrators can readily find these policies under Protection > Conditional Access > Policies in Microsoft Entra admin center. They can also modify the State (On, Off, or Report-only) and the Excluded identities (Users, Groups, and Roles) in the policy. It is highly encouraged to exclude break-glass or emergency access accounts from these policies as one would do with other Conditional Access policies.

Microsoft will activate these policies no less than 90 days after their introduction if left in the Report-only state. Administrators, however, can choose to enable them at their discretion.

These policies are designed to allow administrators to make simple adjustments, like excluding users or turning the report-only mode on or off. As they become more familiar with the Conditional Access policy, they have the option to duplicate the policy and make custom versions.

Over time, the software giant may adjust these policies to leverage new features and functionalities to enhance their efficiency. Such adjustments are based on the evolving threat landscape.

Each conditional access policy covers various user groups and enforces multifactor authentication. Notably, these policies target Microsoft Entra ID P1 and P2 tenants where security defaults are not enabled. They further initiate multifactor authentication and reauthentication for risky sign-ins, targeting users with anomalies in their sign-in patterns.

More detailed information on risk definitions can be found in the content 'What are risk detections'.

Administrators can view the policy impact on sign-ins in order to understand the policies' efficacy. Further, they can sift through the Microsoft Entra sign-in logs to note how these policies impact their organizational operations.

Conditional Access, a notable feature of Microsoft Entra, allows organizations to enforce access security requirements. Common applicability includes enforcing multifactor authentication, device configuration, and network location requirements.

These policies operate on the logical if-then principle. For instance, if you're an administrator and want to access a Microsoft admin portal, it demands multifactor authentication to confirm authenticity.

Administrators are free to make more alterations to these policies by duplicating them. The resulting policy can be configured just like any other Conditional Access policy, with a starting point rooted in Microsoft's recommendation.

Moving forward, this innovation permits organizations to deploy other commonly used policies from templates and utilize the Conditional Access report-only mode.

Note: The original video and associated comments can be viewed [here]().

Implications of Microsoft Entra's Conditional Access Policies

Microsoft Entra's newly launched Conditional Access policies represent a significant stride in bolstering global cybersecurity. These multilayered security measures offer robust protection against ever-evolving digital threats. By enforcing multifactor authentication, they limit the risk of security breaches and affirm technological trust. Organizations worldwide can now operate with an assured level of protection, fostering their mission towards building a safer digital ecosystem.

 

Read the full article Automatic Conditional Access policies in Microsoft Entra - First look!

Microsoft Entra - First Look: Microsoft Entras Automatic Conditional Access Policies

Learn about Automatic Conditional Access policies in Microsoft Entra - First look!

 

The recent announcement by Microsoft about Automatic Conditional Access policies in the Microsoft Security Suite has sparked interest among tech enthusiasts. These policies are a part of Microsoft's endeavor to reinforce cybersecurity, reduce the risk of compromise, and foster digital peace. In this write-up, we'll delve into the key elements of the announcement, commencing with the understanding of the Automatic Conditional Access policies.

The introduction of Microsoft-managed policies is a key component of Microsoft's drive to safeguard its users. Essentially, these policies automate and simplify the process of setting up conditional access and impose multi-factor authentication procedures. Multi-factor authentication has been proven to drastically diminish the risk of security breaches, according to a recent study.

Microsoft has rolled out three primary policies in the early phase, which are designed to noticeably enhance the security posture of an organization. The policies involve multi-factor authentication for administrators accessing the admin portals, users who are set for per-user multi-factor authentication, and those attempting sign-ins that the system deems risky.

 

  • Admin Portal Access: For those identified as heavily privileged in 14 specific administrator roles, performing a multi-factor authentication is mandatory while accessing the admin portals. The policy primarily focuses on Security Suite ID P1 and P2 tenants.
  • Per-user Multi-authentication: This policy emphasizes users with per-user MFA configuration, a policy no longer suggested by Microsoft. It mandates all such users perform multi-factor authentication for all cloud applications. This policy targets Entra ID P1 and P2 tenants.
  • Risky Sign-ins: Covering all users, this policy calls for MFA and reauthentication whenever a sign-in is deemed high-risk. High-risk sign-ins refer to unusual behaviors like abnormal travel patterns, password spray threats, or dubious token issues. The policy exclusively targets Cybersecurity Suite ID P2 tenants.

 

The effects of these policies are visible in the "Policy impact on sign-ins" section. Administrators can inspect the Microsoft Security Suite sign-in logs for a detailed evaluation of the enacted policies. Adding specific filters can narrow down the insights. Furthermore, administrators can view policy implementation and its effects on individual users by selecting the Conditional Access tab.

At its core, Conditional Access is a feature within the Security Suite designed to enforce security prerequisites when accessing resources. This often involves imposing multi-factor authentication, device configuration, or network location demands.

Administrators might want to further refine these policies. One of the ways is by creating custom versions of the policy using the "Duplicate" button in the policy list view. From deploying other commonly used policy templates to using the report-only mode for the Conditional Access, administrators have many options available in enhancing their organizational security.

The Microsoft Security Suite's Automatic Conditional Access policies herald a new era in cloud-platform security, offering robust protections while simplifying the process for administrators. It provides more confidence and control over the cybersecurity terrain, and it's a step forward to a safer, more secure digital space.

 

More links on about Automatic Conditional Access policies in Microsoft Entra - First look!

Automatic Conditional Access policies in Microsoft Entra ...
1 day ago — Microsoft-managed Conditional Access policies provide clear, self-deploying guidance. Customers can tune the policies (or disable them ...
What is Conditional Access in Microsoft Entra ID?
Oct 23, 2023 — Conditional Access policies at their simplest are if-then statements; if a user wants to access a resource, then they must complete an action.

Keywords

Microsoft Entra, Conditional Access policies, Automatic Policies, Cloud Security, Microsoft Security, Access Management, Identity Protection, Azure Active Directory, Data Protection, Entra First Look