Azure AD Conditional Access and Network Location policies now available


Microsoft yesterday announced the availability of Azure AD Conditional Access per-app MFA and Network Location policies. The new Conditional Access policy engine allows admins to maintain control. Conditional Access policy evaluation can be based on device health, MFA, location and detected risk. The following policies can be set per application:

  • Always require MFA
  • Require MFA when not at work
  • Block access when not at work.

The MFA and Network Location policies are applied across all devices. Admins can now create a Conditional Access policy for SharePoint that requires users to be on their corporate network to access the service. If a user tries to access SharePoint from their iPhone when they are off the corporate network, their authorization fails and they are blocked.

Conditional Access is an Azure AD Premium feature, requiring per-user licenses for users accessing apps that have a policy applied. Find more info about it here.
