Another extremely well simplified but yet powerful video
Very informative Andy, you gained a new subscriber!
Hi, could you do a video on conditional access and multi factor authentication policies for Guest/B2B users?
You almost caused me and my dog a heart attack at 10:31 😂 Good video again, thanks for this🎉
Great video. Can I use Power BI to target the sign-in logs or audit logs to look at the data from a variety of angles not easily seen in the Entra UI?
Yes, absolutely, you could use a KQL query to do the task and then render the results as you wish. You could also perform a flow with Power Automate.
Really informative! Does Patreon have labs to get some hands-on experience?
Unfortunately, no, Patreon doesn’t provide labs. Sorry
Hi Andy, thank you for the video, very informative. During an Access Review, can users decide whether they access to a resource? Thank you so much
If they are permitted. Here’s a video that you’ll perhaps find useful th-cam.com/video/K5DxK0PoU18/w-d-xo.htmlsi=fmWwLCBUF5YAG2C9
Again, great video. Another question. When something is set to report only or monitoring mode, my understanding is it’s not enforcing yet, those modes are to give you an idea of the implications of your settings, if that is accurate, where do you then go to see those implications?
You're bang on correct :-)
At least 3 places where you can check this:
- From the Conditional Access homepage, go to monitoring
OR
- Check the sign-in logs from any users, and click on the Conditional Access: Reporting tab (which is CA monitoring mode)
OR
- From the Conditional Access homepage, activate Azure CA Monitoring (this step requires a bit of extra pre-work but is the most detailed option, however the 2 steps above are on by default and sufficient to check for CA implications)
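
The following query is an added example, not part of the original comments. It illustrates the KQL route mentioned earlier in the thread and the report-only check described in the reply above. It assumes sign-in logs are routed to a Log Analytics workspace (the `SigninLogs` table); the 14-day window is an arbitrary choice.

```kql
// Added example: assumes Entra sign-in logs are exported to a Log Analytics
// workspace, so the SigninLogs table is available. Window length is arbitrary.
let window = 14d;
let reportOnly = SigninLogs
    | where TimeGenerated > ago(window)
    // One row per (sign-in, evaluated policy)
    | mv-expand policy = ConditionalAccessPolicies
    | extend policyName = tostring(policy.displayName),
             policyResult = tostring(policy.result)
    // Keep only policies that are in report-only mode
    | where policyResult startswith "reportOnly";
// Per report-only policy: what would have happened had it been enforced.
reportOnly
| summarize wouldPass     = countif(policyResult == "reportOnlySuccess"),
            wouldFail     = countif(policyResult == "reportOnlyFailure"),
            wouldPrompt   = countif(policyResult == "reportOnlyInterrupted"),
            notApplied    = countif(policyResult == "reportOnlyNotApplied"),
            affectedUsers = dcountif(UserPrincipalName, policyResult == "reportOnlyFailure")
    by policyName
| order by wouldFail desc
```

A policy with a high `wouldFail` or `affectedUsers` count is one to review before switching it from report-only to on.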
Very useful videos, but the only thing I am missing here is the table of contents. Like, I want you to create a library where I can only find videos on Intune. Another library with videos of Azure AD, etc.
Explore my playlists on my channel
Hey, could you use Intune device compliance policies as another way to filter access, for example you have to be signing in from a compliant device to access SharePoint or OWA? Thanks. Great channel. Karl
Absolutely
@AndyMaloneMVP One last follow-up. If I have data classification & sensitivity labels, could some labels be set to require only a compliant device or have some conditional access policies applied? Thanks
@KJA009 that’s a great suggestion actually. At present, not that I know of, but this is something that you could easily pass on to the Microsoft product group through the suggestions. And also check out Microsoft documentation and support.microsoft.com
Trying to think of a reason why you would set a device filter for a CA policy :-) Could be used to harden security even more I guess? (Like require employees to use a Dell laptop or else they'll get blocked), but seems a bit overkill? Just trying to find a specific situation where this would be amazing for
Guest device access
Hi Andy, thank you for the content, very informative. A question if you could help, please - when we add a trusted location on a Conditional Access policy, how does that work when a user is using a VPN?
For example, a user is overseas and uses a VPN in order to connect to a Remote Desktop back in the office (trusted location). However, we do not want the user to access content (Cloud apps) on her local machine (which is overseas).
Question: As she is connected to our office VPN, will Conditional Access recognise her location as overseas (then block access) or the office (trusted) location?
Hope it is clear! Thank you again!
Great question. You need to use a trusted self generated certificate. Here is a great article to get you started. learn.microsoft.com/en-us/Windows-server/remote/remote-access/how-to-aovpn-conditional-access
How to set up MFA for guest users B2B, for Experience Cloud Salesforce?
Create a conditional access policy for the Salesforce app and assign it to guest users. Make sure it requires MFA. You’re good to go 😊
@AndyMaloneMVP Thank you. I am from 🇮🇳 India