Photo by Jeffrey Dungen on Unsplash
Azure AD with Conditional Access
Is It Real?
Terminal devices increasingly reside outside the corporate network and can reasonably be trusted to access applications and resources from there – if they use VPNs, multifactor authentication (MFA), and certificates. However, if the application, parts of the infrastructure, or the data itself are not on the internal network, a VPN is not a very elegant approach, to put it mildly.
The catch is that the VPN configuration is installed only once – presumably along with a certificate – on a user's smartphone or PC to provide the return channel to the corporate network. Does anyone actually check whether the certificate matches the device, whether it has been sniffed, or even whether the device is still in use by the user who originally commissioned it? The same applies to the intended use of VPN tunnels: Does the tunnel follow the intended route, or does the process show anomalies?
Defining Trust
If all of your devices, users, apps, and resources operate in the cloud, anomalies are easier to detect, and checking for the normal state is simpler. A learning process that can reliably certify correct and trusted access or identify risks is thus possible. You need to be able to verify that certain conditions for access are met, depending on what object is to be accessed, before you can allow, say, a mailbox to be opened by an email client on a computer outside the corporate network. The mindset behind this is "zero trust," and it follows the approach of looking closely at a person's access context and making a decision according to the results of the check: The mailbox is then either opened or it remains locked.
Numerous aspects can be checked in the process: Whether the user is known and has completed MFA at login, whether the device is familiar or even considered "healthy," whether the user and device can be matched to a region that corresponds to the work location by IP
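To make the decision logic of the two paragraphs above concrete, here is a small evaluator that models a conditional access policy for a mailbox: it checks the aspects the text names (known user, MFA completed, known and compliant device, sign-in from an expected work location) and returns grant, block, or "step up to MFA". This is an added example written for this article, not Azure AD's policy engine or the Microsoft Graph policy schema; the `Policy` and `SignIn` shapes, the policy name, and all sign-in contexts are constructed for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class SignIn:
    """Context captured at sign-in time (constructed fields, not an Azure AD token)."""
    user: str
    mfa_completed: bool
    device_id: Optional[str]
    device_compliant: bool
    source_ip: str
    target_app: str


@dataclass
class Policy:
    """One conditional access policy (hypothetical shape, not the Graph API schema)."""
    name: str
    target_apps: Set[str]
    known_users: Set[str]
    known_devices: Set[str]
    trusted_networks: List[str]          # CIDRs for the expected work locations
    require_compliant_device: bool = True


def in_trusted_location(policy: Policy, ip: str) -> bool:
    """True when the source address falls inside one of the policy's work locations."""
    addr = ip_address(ip)
    return any(addr in ip_network(cidr) for cidr in policy.trusted_networks)


def evaluate(policy: Policy, signin: SignIn) -> Tuple[str, List[str]]:
    """Zero-trust style decision: look at the access context, then grant or keep locked.

    Returns (decision, reasons) where decision is one of
    "not_applicable", "block", "require_mfa", or "grant".
    """
    if signin.target_app not in policy.target_apps:
        return "not_applicable", []

    reasons: List[str] = []
    if signin.user not in policy.known_users:
        reasons.append("user unknown")
    if signin.device_id is None or signin.device_id not in policy.known_devices:
        reasons.append("device unknown")
    elif policy.require_compliant_device and not signin.device_compliant:
        reasons.append("device not compliant")
    if reasons:
        # Hard failures: the mailbox stays locked regardless of MFA.
        return "block", reasons

    # Outside a known work location, MFA is mandatory; inside, the location
    # itself counts as a satisfied condition (a common trusted-location pattern).
    if not in_trusted_location(policy, signin.source_ip) and not signin.mfa_completed:
        return "require_mfa", ["sign-in from outside a work location without MFA"]
    return "grant", []


# Constructed sample policy protecting the mailbox application.
MAILBOX_POLICY = Policy(
    name="Require compliant device and MFA for mail",
    target_apps={"Exchange Online"},
    known_users={"alice", "bob"},
    known_devices={"dev-1", "dev-2"},
    trusted_networks=["10.0.0.0/8", "192.0.2.0/24"],
)

# Constructed sign-in contexts covering each branch of the decision.
SAMPLE_SIGNINS = {
    "remote_with_mfa": SignIn("alice", True, "dev-1", True, "203.0.113.5", "Exchange Online"),
    "remote_no_mfa": SignIn("alice", False, "dev-1", True, "203.0.113.5", "Exchange Online"),
    "office_no_mfa": SignIn("bob", False, "dev-2", True, "10.20.30.40", "Exchange Online"),
    "unknown_device": SignIn("alice", True, "dev-9", True, "203.0.113.5", "Exchange Online"),
    "noncompliant_device": SignIn("alice", True, "dev-1", False, "10.20.30.40", "Exchange Online"),
    "unknown_user": SignIn("mallory", True, "dev-1", True, "10.20.30.40", "Exchange Online"),
    "other_app": SignIn("alice", False, None, False, "203.0.113.5", "Teams"),
}


def evaluate_samples() -> dict:
    """Run every constructed sign-in through the mailbox policy."""
    return {label: evaluate(MAILBOX_POLICY, s) for label, s in SAMPLE_SIGNINS.items()}


if __name__ == "__main__":
    for label, (decision, reasons) in evaluate_samples().items():
        print(f"{label:22s} -> {decision:15s} {'; '.join(reasons)}")
```

The ordering matters: identity and device checks are evaluated first and block outright, while a location mismatch only raises the bar to MFA, which is what lets a trusted, compliant device keep working outside the corporate network without a VPN.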