Azure AD Conditional Access Deep Dive | Joe Kaplan | HIPConf 2019

Conditional Access is the feature of the Azure Active Directory platform that allows you to restrict access to applications and services based on a set of policies you apply. For example, you can allow access to resources based on the user's ability to perform multi-factor authentication, their device status, their location or the overall assessed risk of their login. In this session, we will do a deep dive on the mechanics of how the platform works including all of the conditions, the policy construction framework and the behavior of each type of condition during login. We will also touch on new and upcoming features that will greatly expand how Conditional Access can be used and administrated. About the speaker: Joe Kaplan is an identity architect in Accenture’s internal IT organization where he focuses on solving real-world problems for a large, complex business. Joe is a Microsoft MVP in Enterprise Mobility and is a co-author of the .NET Developer’s Guide to Directory Services Programming. Learn more about HIP: https://www.hipconf.com/ 0:00 Introduction 3:52 Conditional Access Licensing 5:58 Conditional Access Concepts 7:50 Anatomy of a Policy 8:20 Conditional Access Targets 14:36 Targeting Applications 15:54 Conditional Access Conditions 16:52 Risk: Azure AD Identity Protection 22:02 Which Device? 24:48 Location Example: App Proxy Internal Only 25:57 Conditional Access Controls 32:59 General Troubleshooting 40:32 How Do Devices Get Registered? 42:12 Non-Hybrid Registration Settings 45:30 What Happens when a Device Is Registered? 46:36 Device Examples 47:30 How Do Devices Get to be "Domain Joined"? 49:29 How Do Devices Get to be "Compliant"? 51:41 How Does a Device Authenticate? 54:08 Customized User Experiences for Failures 55:37 Windows Hello for Business 56:15 Device Authentication Troubleshooting