Issue link: https://insights.oneneck.com/i/1482798
January 2020 16 Azure AD Conditional Access enables enforcement of a variety of policy decisions. Common examples include blocking sign-ins involving legacy authentication protocols, access from specific locations, or other high-risk criteria. Other commonly applied policies include granting access to a requested resource but requiring MFA, or requiring a mobile device to have an approved app or be marked as compliant using Microsoft Intune, a cloud-based tool for enterprise mobility management. For example, Conditional Access can enforce policies that require MFA for systems administrators or for those seeking to perform Azure management tasks. In addition to enforcing policies for granting or blocking access, Azure AD Conditional Access can enforce session-control policies that limit what users can do with their access. For example, a Conditional Access policy can limit access to SharePoint and OneDrive content from unmanaged devices. In this scenario, users are given browser-only access to the app with no ability to sync, download, or print files. The goal in supporting policies for limited access is to ensure users have an opportunity to remain productive while minimizing security risks. How strong identity management provides a foundation for 'Zero Trust' security