Configure Azure AD Conditional Access in Under 10 minutes? Let's try it

แชร์
ฝัง
  • เผยแพร่เมื่อ 20 ธ.ค. 2024

ความคิดเห็น • 21

  • @MrMarcLaflamme
    @MrMarcLaflamme 2 ปีที่แล้ว +6

    The look of confusion and mental juggling going on at the 3:00 mark (and again at 6:00) when trying to figure out what the policy is going to do is my whole experience with CA because of its backwards building nature. A security tool this powerful and useful shouldn't involve puzzles.
    Also, is there a centralized place to get the results of the Report Only policies or do you just need to look at the user sign-in's details?

    • @theCMC
      @theCMC  2 ปีที่แล้ว +1

      I believe it’s a case of using the Sign In reports and analytics. Good question though, I’ll take a look.

    • @theCMC
      @theCMC  2 ปีที่แล้ว +3

      😂 I had the opportunity to edit out the utter confusion, but I thought it added to the realism

    • @MrMarcLaflamme
      @MrMarcLaflamme 2 ปีที่แล้ว +1

      @@theCMC Glad you kept it in because it helps us viewers relate to a similar situation.

    • @aaken6556
      @aaken6556 ปีที่แล้ว +1

      so.. why is it backwards? is this an error on MS part?

    • @theCMC
      @theCMC  ปีที่แล้ว +2

      I think it’s a UI issue on that configuration screen.

  • @durraaltai2669
    @durraaltai2669 ปีที่แล้ว +3

    How do I restrict access for Corp. users on Weekends? I want all users not to use laptops on weekends? Via Intune. Thank you

    • @theCMC
      @theCMC  14 วันที่ผ่านมา

      Appreciate this is an old question! Sorry 😢
      You can use Quiet Time in Intune to enforce times that are not possible to access apps.

  • @danpowell7421
    @danpowell7421 2 ปีที่แล้ว +1

    Great vid, I've got lazy recently (or a lot more productive) and have started to use the templates for enabling CA
    I never saw the point in registering for secure info requiring MFA if MFA is enforced for everyone?

    • @theCMC
      @theCMC  2 ปีที่แล้ว +1

      Yeah I can’t see how that helps. Perhaps it ensures that MFA is definitely required when adding additional strong auth methods. It’s possible that the “MFA for everyone” policy has some exclusions or could allow a bypass in certain circumstances. Adding it to this policy explicitly means that it will be required? I dunno.

    • @CloudIdentity
      @CloudIdentity ปีที่แล้ว +1

      You want to prevent an attacker from compromising a user who has NOT setup MFA yet, and getting their password to be able to setup the attackers strong authentication. The attacker with just the password could then setup strong authentication methods and complete MFA to satisfy other policies that require MFA. This way the CA policy would require Password + coming from a trusted network OR being able to do strong authentication to manage the authentication methods. It's the securing the bootstrapping scenario, which is where the Temporary Access Pass (TAP) comes in since it's a purpose issued credential and can be set to be used 1 time only to setup strong auth methods. I password spray Jim, get his password, and Jim is on vacation and hasn't setup MFA yet, so I setup MFA on his account that I control, and now I can satisfy MFA for other CA policies. Adding the security info CA policy for that action helps mitigate that.

  • @MegaNatebreezy
    @MegaNatebreezy 10 หลายเดือนก่อน

    I manage a lot of clients and my biggest fear with conditional access is causing user disruption. For example: when I turned on MFA, I didnt realize it would sign users Outlook settings and we had a lot of calls. Report only sounds somewhat promising but doesnt necessarily show if the user will be receiving any prompts on their end. Is there a recommended way of approaching this?

  • @willrun4fun
    @willrun4fun 3 หลายเดือนก่อน

    Has this changed some, or is it my licensing different that I don't see any options for Devices.

    • @notta3d
      @notta3d 14 วันที่ผ่านมา +1

      Of course its changed. Changes with p*ss poor documentation. Every single day is a learning adventure with this stuff. Gets so frustrating.

    • @theCMC
      @theCMC  14 วันที่ผ่านมา

      So, so true.

  • @Marcelk86
    @Marcelk86 ปีที่แล้ว +3

    hm, so you basically created just all the policies without knowing what they do in detail. Don´t see the value in the video?

    • @theCMC
      @theCMC  ปีที่แล้ว +3

      Indeed. The idea behind this video was to show how easy it is to configure conditional access today. It was not a suggestion that you should go ahead and do that in production without understanding the impact of each policy.

  • @_Paxton
    @_Paxton 7 หลายเดือนก่อน +1

    Configure Azure AD Conditional Access WITH TEMPLATE in Under 10 minutes?

    • @theCMC
      @theCMC  7 หลายเดือนก่อน +1

      Yeah.

  • @prashanthambati7977
    @prashanthambati7977 ปีที่แล้ว

    Excellent☺

  • @patrick__007
    @patrick__007 2 ปีที่แล้ว +1

    Nice! 🤗