Cloud Security and CMMC Compliance Require Azure AD Conditional Access

    Azure Active Directory (AAD) Conditional Access is the axe, gatekeeper, bouncer, and first line of defense to accessing your cloud information systems and network. Other products within Microsoft's Enterprise Mobility + Security (EM+S) license are very important for your overall security and compliance strategy (especially for NIST 800-171), but the Conditional Access can thwart many of your existing threats before they get an attempt to authenticate. Conditional Access can be configured to align with NIST 800-171 Control Family 3.5 and 3.13. As it states in 3.13, you can "protect the authenticity of communications sessions" in part by practicing: "deny all, permit by exception". Conditional Access defines what are the exceptions.

    You can create separate CA policies for privileged and non-privileged accounts based upon several conditions: sign-in risk (calculated by Microsoft), device platform (Windows, iOS, Android, etc), device state (managed or unmanaged), and locations (where is someone logging in from). Once an attempt to access a cloud application is made and one of these conditions or criteria are not met, the access can be flat-out denied. It's also possible to force that user to go through another Multi-factor Authentication or reset their password immediately.

    Here is a sampling of Conditional Access in action. Bring down the axe!

    Quick Overview 


    Restricting MFA with Conditional Access for NIST 800-171 Compliance



    Subscribe Here!

    Recent Posts

    Posts by Topic

    see all