What is Conditional Access?

Ollie Le Prevost
Author
3rd November 2021
Digital Transformation & Cloud

Cloud Solutions – Conditional Access

What is Conditional Access?

Conditional access uses signals to make decisions and enforce an organisation's policies. Conditional access policies are, at their core, if-then statements. For example, if a user wishes to complete an action, such as signing in to an application, then they must complete multi-factor authentication.

Why Conditional Access?

The modern security approach now extends beyond an organisation’s network to include both user and device identities.

Conditional access policies can form part of a zero trust approach, which is the modern security best practice. At its simplest, zero trust adoption requires a mindset of “assuming breach”.

This means that you should always assume your network, device, user, or application has been breached and that a malicious threat is present.

If you adopt this mindset, you can minimise damage and reduce the lateral movement of a threat through several means, including network segmentation, granting identities just enough rights and only when they need them, and verifying access explicitly.

Common Signals

Conditional access can take many different signals into account when making a policy-based decision, some of which include:

  • User or group membership
    • Target specific users and groups
  • IP or GEO location
    • Allow or block traffic from specific IP addresses, or even entire countries and regions.
  • Device
    • Target specific device platforms (like Windows or iOS) and their specific state (e.g. compliant with the organisation’s security requirements)
  • Applications
    • Trigger different policies and requirements based on which app the access attempt is being made to
  • Real-time and calculated risk detection
    • Identify risky sign-in behaviour (e.g. suspicious travel) or potentially risky accounts (e.g. leaked credentials) to apply certain actions.
  • Defender for Cloud Apps
    • Control not only the access, but the activities allowed once access is granted (e.g. block downloads of corporate data) by monitoring and controlling access and sessions in real time.

Common Decisions

Common decisions made on the basis of these signals include:

  • Block access
  • Grant access
    • But require multi-factor authentication
    • But require the sign-in to come from a certain IP address
    • But require the device to be marked compliant with the organisation’s requirements.
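
The signals and decisions listed above can be modelled as data plus one evaluation function. The following is an added example, not code from the original article or from Microsoft; it is a simplified model rather than the real evaluation engine. The policy names, groups and address ranges are constructed, and the combination rule (any matching block wins, otherwise every requirement from every matching policy must be met) is an assumption of this model.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

RISK = ["none", "low", "medium", "high"]

@dataclass
class SignIn:  # signals gathered for one access attempt
    groups: set
    ip: str
    platform: str
    app: str
    risk: str = "none"
    device_compliant: bool = False
    mfa_done: bool = False

@dataclass
class Policy:  # "if" = conditions (empty means "any"), "then" = block or require
    name: str
    groups: set = field(default_factory=set)
    apps: set = field(default_factory=set)
    platforms: set = field(default_factory=set)
    outside_networks: list = field(default_factory=list)  # match IPs NOT in these
    min_risk: str = "none"
    block: bool = False
    require: set = field(default_factory=set)  # "mfa", "compliant_device"

def applies(p, s):
    """True when every condition set on the policy matches the sign-in."""
    outside = not any(ip_address(s.ip) in ip_network(n) for n in p.outside_networks)
    return ((not p.groups or bool(p.groups & s.groups))
            and (not p.apps or s.app in p.apps)
            and (not p.platforms or s.platform in p.platforms)
            and (not p.outside_networks or outside)
            and RISK.index(s.risk) >= RISK.index(p.min_risk))

def evaluate(policies, s):
    """Return (decision, details): blocking policy names, unmet requirements, or []."""
    matched = [p for p in policies if applies(p, s)]
    blockers = sorted(p.name for p in matched if p.block)
    if blockers:
        return "block", blockers
    met = {"mfa": s.mfa_done, "compliant_device": s.device_compliant}
    unmet = sorted({r for p in matched for r in p.require if not met[r]})
    return ("challenge", unmet) if unmet else ("grant", [])

# Constructed sample policies; names, groups and address ranges are illustrative.
POLICIES = [
    Policy("admins-require-mfa", groups={"admins"}, require={"mfa"}),
    Policy("finance-trusted-ip-only", apps={"finance"},
           outside_networks=["203.0.113.0/24"], block=True),
    Policy("managed-platforms-compliant", platforms={"windows", "ios"},
           require={"compliant_device"}),
    Policy("block-high-risk", min_risk="high", block=True),
]
```

Calling `evaluate(POLICIES, SignIn(...))` returns `block`, `challenge` (with the controls still to be satisfied) or `grant`, which makes it easy to check how overlapping policies interact before they are enforced.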

Why Resolution IT?

Here at Resolution IT our expert trained consultants have tried and tested a multitude of different policies based on different signals and decisions.

With our experience we can assess your environment and requirements to build a conditional access approach which is prudent and provides a clear and practical security benefit whilst not inhibiting the utility of technology beyond acceptable means.

For those for whom security is of paramount importance, we can also deploy a stricter approach which acts as a defence-in-depth measure.

Who to contact?


Ollie Le Prevost

Ollie heads up our Cloud Solutions team, designing and maintaining our cloud services baselines and ensuring we offer the most cutting-edge technologies to our clients. Ollie is involved in transitioning clients to the cloud, architecting and maintaining cloud environments and working with clients to develop IT roadmaps.

Ollie specialises in Microsoft cloud technology and has prior experience working at a leading offshore law firm. He achieved a triple distinction in his Level 3 IT diploma.

For Ollie, the best part about working at Resolution IT is being able to work with such a great team.
