- Category: Microsoft Purview
Setting up Conditional Access Policies in Purview
Conditional Access policies are sets of configured rules that are checked before access to content is granted. For example, when a guest user accesses sensitive content, a policy decides whether to block access or to grant it subject to controls such as multi-factor authentication (MFA).
Authentication contexts have to be set up before defining conditional access policies. An authentication context allows organizations to apply conditional access policies to specific scenarios, for example requiring MFA for sensitive content or enforcing device restrictions for company-managed devices.
Setting up Authentication Context
In this example, we will create an authentication context to block guest users from accessing sensitive content.
- In Azure, navigate to Conditional Access > Authentication contexts
- Click New authentication context
- Enter a descriptive name. For example, Protect Sensitive Content Guests (Image 1)
- Enter a description and click Save
After adding the authentication context, the next step is to create a conditional access policy and assign the authentication context to it.
Create Conditional Access Policies
- In Azure, navigate to Conditional Access > Policies
- Click New policy
- Enter a descriptive policy name. For example, Restrict sensitive content for guests
- Under Assignment, click Users > Select users and groups > Guest or external users (Image 2)
- Click Access controls, which either block access or grant it subject to the selected controls. In this example, access is blocked (Image 3)
- Enable policy and click Create
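The policy built in the steps above can be checked after export through Microsoft Graph. The following is an added example, not part of the original article: it builds the JSON body Graph uses for such a policy and audits a policy for the four properties this walkthrough depends on. The context id `c1`, the guest types chosen and the function names are assumptions made for illustration.

```python
"""Added example: audit a Conditional Access policy in Microsoft Graph JSON form."""

CONTEXT_ID = "c1"  # constructed: id of the authentication context created earlier


def build_guest_block_policy(context_id=CONTEXT_ID, state="enabled"):
    """Graph conditionalAccessPolicy body matching the walkthrough (block guests)."""
    return {
        "displayName": "Restrict sensitive content for guests",
        "state": state,
        "conditions": {
            "clientAppTypes": ["all"],
            "users": {"includeGuestsOrExternalUsers": {
                "guestOrExternalUserTypes": "b2bCollaborationGuest,internalGuest"}},
            # This is where the authentication context is attached to the policy.
            "applications": {
                "includeAuthenticationContextClassReferences": [context_id]},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


def audit_policy(policy, context_id=CONTEXT_ID):
    """Return findings; an empty list means the policy matches the walkthrough."""
    findings = []
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    apps = cond.get("applications") or {}
    grant = policy.get("grantControls") or {}

    # Report-only or disabled policies evaluate but never block anything.
    if policy.get("state") != "enabled":
        findings.append(f"state is {policy.get('state')!r}: policy is not enforced")
    guest_types = (users.get("includeGuestsOrExternalUsers") or {}).get(
        "guestOrExternalUserTypes")
    broad = {"All", "GuestsOrExternalUsers"} & set(users.get("includeUsers") or [])
    if not guest_types and not broad:
        findings.append("guest or external users are not in scope")
    if context_id not in (apps.get("includeAuthenticationContextClassReferences") or []):
        findings.append(f"authentication context {context_id!r} is not a target")
    if "block" not in (grant.get("builtInControls") or []):
        findings.append("grant controls do not block access")
    return findings


if __name__ == "__main__":
    # Constructed sample: left in report-only mode, so one finding is printed.
    print(audit_policy(build_guest_block_policy(state="enabledForReportingButNotEnforced")))
```

The audit does not evaluate exclusions, so a policy that excludes specific guests or groups still needs a manual review.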
This article outlined restricting guest users. However, conditional access policies can be applied in several other cases, such as restricting unmanaged devices or preventing sign-in from untrusted locations. They can also be used with sensitivity labels: when creating a sensitivity label, an authentication context with a conditional access policy can be assigned to protect labelled SharePoint sites. Creation of sensitivity labels will be covered in a forthcoming article.
Image 1

Image 2

Image 3
