Conditional access in Azure AD
Strengthen security and reduce costs with Microsoft Entra
Hear Joy Chik, Microsoft Corporate Vice President for Identity, share the latest identity and access announcements in governance, workload identities, strong authentication, and new tools for upgrading from Active Directory Federation Services (AD FS) to Azure AD.
What is conditional access?
Conditional access is an intelligent policy engine that helps organizations better control how users access corporate resources.
Enforce access controls with adaptive policies
Bring together real-time signals such as user context, device, location, and session risk information to determine when to allow, block, or limit access, or require additional verification steps.
Help protect data inside applications
Monitor and control sessions, application access, and sensitive data across your organization in real time based on user behavior in apps, both on-premises and in the cloud.
Restrict access for vulnerable and compromised devices
Use conditional access policies to check the device health and security posture of registered devices and ensure only healthy and trusted devices can access your corporate resources.
How conditional access works
Conditional access takes in over 40 TB of identity-related security signals and analyzes them using machine learning to determine the appropriate policy to apply to a resource.
Conditional access capabilities in Azure AD
Build adaptive access polices
Manage security controls with custom-built conditions to block access, require multifactor authentication, or restrict a user’s session only when needed.
Monitor access and enforce policies in session
Help ensure post-authentication protection with in-session monitoring and access control policies.
View in report-only mode
Use report-only mode to monitor the impact of policies before enforcement to fine-tune access policies before rollout.
Fine-tune access policies with actionable guidance
Get a security report that identifies opportunities for improvement and provides recommendations.
Conditional access capabilities are available with an Azure AD Premium P2 subscription:
- Azure AD Premium P2 is included with Microsoft 365 E5 and offers a free 30-day trial.
- Azure and Office 365 subscribers can buy Azure AD Premium P2 online.
Related Azure AD features
Help safeguard access to data and apps and keep authentication simple for users.
Simplify sign-in without the inherent risks of using passwords.
Connect your workforce to all your apps from any location using any device.