New Training: Implement Conditional Access and Compliance Policies for Devices
In this 5-video skill, CBT Nuggets trainer James Conrad shows you how to implement, manage, and plan conditional access policies. Watch this new Windows 10 training.
This training includes:
- 5 videos
- 46 minutes of training
You’ll learn these topics in this skill:
- Compliance Policy in Configuration Manager
- What Are Compliance Policies?
- Network Locations and Notifications
- Create a Compliance Policy
- Create a Conditional Access Policy
What Are the Primary Stages of Creating a Conditional Access Policy Plan?
Implementing Conditional Access Policies is a great way for organizations to strengthen the security controls on access to sensitive data and applications. Conditional Access Policies allow organizations to set up multi-factor access policies and enhanced security requirements at the application layer.
To create a Conditional Access Policy, organizations need to first outline what critical applications require enhanced multi-factor authentication. From there, organizations need to determine which users should have access to that application and what level of validation is required for that user to access that critical application.
As organizations build more detailed access controls through Conditional Access Policies, they'll be able to configure parameters such as device location, client application integration, and device state. By exploring all of the options available when creating a Conditional Access Policy, organizations can customize their access control policies down to the granular user and application level.
Conditional Access Policies ensure that only devices that meet your organization's security requirements can access your Azure resources. Generally, only devices that are considered "compliant" are allowed access. For example, you can specify that a computer with a disabled firewall is considered non-compliant. Optionally, a notification can be automatically emailed to the user, and a specified grace period allowed for the device to be brought into compliance. Thereafter, the non-compliant devices might be denied access.
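The planning stages above (pick the critical application, pick the users, pick the required validation and conditions) map onto the fields of a single policy object. The following is an added example, not material from the training: it assumes the Microsoft Graph PowerShell SDK and an Azure AD tenant, and the two GUIDs are placeholders for your own application and group IDs.

```powershell
# Added example: one Conditional Access policy built from the planning stages.
# Assumes the Microsoft.Graph PowerShell SDK is installed; GUIDs are placeholders.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

$criticalAppId = '00000000-0000-0000-0000-000000000001'   # placeholder: the critical application
$userGroupId   = '00000000-0000-0000-0000-000000000002'   # placeholder: users who need access

$policy = @{
    displayName = 'EXAMPLE - Critical app requires MFA and a compliant device'

    # Report-only: sign-ins are evaluated and logged but nothing is blocked yet,
    # so the impact can be reviewed before the policy is switched to 'enabled'.
    state = 'enabledForReportingButNotEnforced'

    conditions = @{
        # Stage 1: which application needs the stronger controls
        applications   = @{ includeApplications = @($criticalAppId) }
        # Stage 2: which users the policy applies to
        users          = @{ includeGroups = @($userGroupId) }
        # Further parameters: client application type and location
        clientAppTypes = @('all')
        locations      = @{ includeLocations = @('All') }
    }

    # Stage 3: level of validation. 'AND' means both controls must be satisfied:
    # multi-factor authentication and a device marked compliant by its
    # compliance policy (device state).
    grantControls = @{
        operator        = 'AND'
        builtInControls = @('mfa', 'compliantDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Review the report-only results in the sign-in logs before changing `state` to `enabled`, since a device that has not yet been evaluated by a compliance policy will fail the `compliantDevice` control.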