Conditional Access: Manage access in a secure and user-friendly way
Security and user convenience often compete with each other. For example, accessing company data and programmes with only a username and password is much easier than when multifactor authentication (MFA, as known from online banking) is added as a security measure. On the other hand, protection with username/password alone has not been sufficient for a long time, and with the introduction of MFA, 99% of cyber attacks can be successfully fended off.
Azure AD Conditional Access (CA) solves this dilemma. With CA, you can control access to programmes and data depending on the threat level. For example, you can define these rules:
- User logs in from the internal company network > no MFA necessary.
- User logs in for the first time from outside the company network, e.g. from the home office > additional authentication by MFA necessary. MFA can then be dispensed with for the next seven days.
What is conditional access?
Scenario: Whenever a user wants to access a resource, he or she must perform an action. As an example, let's take an accountant who wants to access the company's figures. To do this, the accountant must go through multi-level authentication. Here, administrators are faced with two tasks:
1.) Users should always remain productive and agile from anywhere.
2.) Corporate data, resources and applications must always be adequately protected when accessed.
This is exactly where conditional access policies come into play. With these, you can control access depending on the risk and confidentiality of data and programmes. At the same time, your employees are not unnecessarily hindered and can continue to work productively. In the accountant example above, the rule could be: Only members of the Finance and Accounting group are allowed to access the financial data, and only when they are working in the company network.
Condition, identity verification, access
The above example can be formulated in general terms: Depending on a condition (or a signal), access to certain programmes and/or data is granted, requires MFA or is denied. This graphic illustrates this relationship:
Important: Conditional access policies are always enforced after first-factor authentication (i.e. username/password) has been successfully completed.
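The condition-to-decision relationship described above can be written out as a small decision function. This is an added example, not code from the original article or from Microsoft; it is a simplified model of the article's three example rules, not Azure AD's policy engine, and the network range, resource label and all names in it are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed values for illustration; none of them come from Azure AD.
COMPANY_NETWORK = ipaddress.ip_network("10.0.0.0/8")
MFA_VALID_FOR = timedelta(days=7)          # "the next seven days" from the text
FINANCE_GROUP = "Finance and Accounting"
FINANCE_RESOURCE = "financial-data"

@dataclass
class SignIn:
    groups: frozenset
    source_ip: str
    resource: str
    first_factor_ok: bool = True
    last_mfa: Optional[datetime] = None

def is_internal(ip: str) -> bool:
    try:
        return ipaddress.ip_address(ip) in COMPANY_NETWORK
    except ValueError:
        return False                       # unparseable address counts as external

def evaluate(s: SignIn, now: datetime) -> str:
    """Return 'deny', 'require_mfa' or 'allow' for one sign-in attempt."""
    if not s.first_factor_ok:
        return "deny"                      # policies only apply after the first factor
    internal = is_internal(s.source_ip)
    if s.resource == FINANCE_RESOURCE:
        # Accountant rule: group membership AND company network, otherwise no access.
        ok = FINANCE_GROUP in s.groups and internal
        return "allow" if ok else "deny"
    if internal:
        return "allow"                     # internal network: no MFA necessary
    # External: an MFA completed within the last seven days is still honoured.
    # A timestamp in the future (clock skew, tampering) is not trusted.
    if s.last_mfa is not None and timedelta(0) <= now - s.last_mfa <= MFA_VALID_FOR:
        return "allow"
    return "require_mfa"

if __name__ == "__main__":
    now = datetime(2024, 1, 15, 9, 0)      # constructed reference time
    accountant = frozenset({FINANCE_GROUP})
    for s in (SignIn(accountant, "10.1.2.3", "mail"),
              SignIn(accountant, "203.0.113.10", "mail"),
              SignIn(accountant, "203.0.113.10", "mail", last_mfa=now - timedelta(days=3)),
              SignIn(accountant, "203.0.113.10", FINANCE_RESOURCE, last_mfa=now)):
        print(s.source_ip, s.resource, "->", evaluate(s, now))
```

Note that the finance rule denies access from outside the company network even when a recent MFA exists, because the restrictive rule is checked before the MFA rule.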
We are at your side when setting up Conditional Access
The security of our customers' IT infrastructures is very important to us. Numerous security projects and our Microsoft Security Competence in Gold are the best proof of this. You too can benefit from our know-how in the security sector and introduce Conditional Access in your company, so that you can take a decisive step forward with the security of your data.
Or find out about your company's data protection and security with our Cloud Security Assessment.