What is Conditional Access?

What is Conditional Access?

Not that long ago, there used to be servers on premise at every business. Staff used to log into their computers and authenticate through an active directory. And when people were working from home, they would use VPN.

But now we have hybrid setups — with employees working from anywhere — and these same measures won’t protect your company from cyberattacks. For that, you need to adopt a zero-trust model, which essentially means you assume that a breach is imminent.

And what is one of the best ways to enforce a zero-trust model when it comes to cybersecurity?

Conditional Access

Conditional Access is a technology that Microsoft developed in the Azure Active Directory. “Conditional Access policies at their simplest are if-then statements, if a user wants to access a resource, then they must complete an action,” according to Microsoft.

So how does it work? Here’s an example: say you set up your conditional access so that it only allows staff to log into computers that the network identifies. This means that any employees who try to log into the network from an unauthorized computer — even if they have the password and login info — won’t be able to do so. That’s because your device hasn’t met the criteria to log in.

Another example: say someone steals your computer. If the IP address is not known, they won’t be able to authenticate and sign in.

You can set up any number of conditions as part of your policy, including trusted IP addresses, blocking access from certain locations, and requiring the computer have no more than two patches to update, just to name a few. You can also apply a variety of decisions, from completely blocking access, to requiring another action, such as multi-factor authentication.

Conditional Access is an essential part of an overall cybersecurity policy. Contact us to learn more about how to set up conditional access in your organization.