January 2020
Policy-based access

Organizations need ways to restrict access to applications and systems in certain circumstances, such as gating access to an enterprise application based on signals associated with user and device identity. When user, device, or session risk is detected, access policies can decide whether to block access to a requested resource or impose additional requirements, such as MFA, for granting access.

Azure AD Conditional Access can enforce access policies for applications using signals from a variety of different sources, including Azure AD Identity Protection, Microsoft Cloud App Security, and Azure Advanced Threat Protection. These signals include user or group identity information, IP location data, device type or state, the kind of application or resource being accessed, and real-time login and session risk data. Policies to block or allow access can be targeted to specific groups or users, IP address ranges, specific platforms and applications, and sign-in behavior.
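
The decision flow described above can be sketched as a small signal-driven policy evaluator. This is an added example, not code from this paper and not Microsoft's implementation. The class names, fields, and sample policies are hypothetical, and it assumes that a matching block policy overrides any grant and that an MFA requirement is satisfied once the session has completed MFA.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
RISK = {"none": 0, "low": 1, "medium": 2, "high": 3}

@dataclass
class SignIn:                       # signals attached to one access request
    groups: frozenset
    ip: str
    platform: str
    app: str
    risk: str = "none"              # real-time sign-in risk level
    mfa_done: bool = False

@dataclass
class Policy:                       # a condition left as None matches anything
    name: str
    control: str                    # "block" or "mfa"
    groups: frozenset = None
    apps: frozenset = None
    platforms: frozenset = None
    networks: tuple = None          # CIDR ranges the policy targets
    exclude_networks: tuple = ()    # CIDR ranges exempt from the policy
    min_risk: str = "none"

    def applies(self, s):
        addr = ip_address(s.ip)
        inside = lambda nets: any(addr in ip_network(n) for n in nets)
        return ((self.groups is None or bool(self.groups & s.groups))
                and (self.apps is None or s.app in self.apps)
                and (self.platforms is None or s.platform in self.platforms)
                and (self.networks is None or inside(self.networks))
                and not inside(self.exclude_networks)
                and RISK[s.risk] >= RISK[self.min_risk])

def evaluate(policies, s):
    hits = [p for p in policies if p.applies(s)]
    names = [p.name for p in hits]
    if any(p.control == "block" for p in hits):
        return "block", names       # a matching block policy wins outright
    if any(p.control == "mfa" for p in hits) and not s.mfa_done:
        return "require_mfa", names
    return "allow", names

POLICIES = [  # constructed sample values; groups, apps and networks are made up
    Policy("block-high-risk", "block", min_risk="high"),
    Policy("mfa-finance-offnet", "mfa", groups=frozenset({"finance"}),
           apps=frozenset({"erp"}), exclude_networks=("203.0.113.0/24",)),
    Policy("mfa-medium-risk", "mfa", min_risk="medium"),
]
```

Returning the names of the policies that applied alongside the decision gives an audit trail for each sign-in, which is what an analyst needs when reviewing why a request was blocked or challenged.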
How strong identity management provides a foundation for 'Zero Trust' security