I’ve talked and written a lot about the vision of “Identity as the New Control Plane”.
This is based on the idea that, as more and more of a company’s digital resources live outside the corporate network, in the cloud and on devices, a great cloud-based identity system is the best way to maintain control over and visibility into how and when users access corporate applications and data.
The conditional access system in Azure AD Premium and the Enterprise Mobility + Security suite is the engine that makes this control plane vision a reality. It gives you, the enterprise admin, the ability to create policy-based access rules for any Azure AD-connected application (SaaS apps, custom apps running in the cloud or on-premises web applications). Azure AD evaluates these policies in real time and enforces them whenever a user attempts to access an application.
Simon May and I just filmed a short ~10 minute video for On Microsoft Mechanics, where we discuss Azure AD’s Conditional Access system and the many improvements we’ve made recently, which you’ll find below. In the video I demonstrated the improved user experience, how company data is protected without impacting productivity, and the improvements we’ve made to the IT admin experience.
Contextual controls and the unified administration experience
One of the biggest improvements we’ve made is an expanded set of contextual controls, so you can adjust user access based on the type of app, specific user permissions, where the app is accessed from, and whether the user is using a compliant device.
We’ve also made it easier to implement these controls with the new unified administration experience in the Azure Portal, which provides an all-in-one admin experience across Azure AD and Microsoft Intune.
Now you can establish multiple policies per app, share policies across applications, or set default policies globally for your whole tenant. And when you set risk-based conditional access controls, machine learning will be continuously safeguarding access to your apps and data in real time.
Alex Simons (Twitter: @Alex_A_Simons)
Director of Program Management
Microsoft Identity Division