In this video, Pete Zerger explains how you can implement location-based access requirements in your Azure AD conditional access strategy to increase security, while optimizing the user experience in Azure MFA scenarios.
- [Instructor] Now we're going to talk about…location-based access requirements…in the context of conditional access.…Conditional access takes multi-factor authentication…in Azure AD a step further…by enabling us to create policies that evaluate…the conditions surrounding an authentication request.…Since these policies can be applied to groups,…we can be selective in how and to whom we apply them.…The location uses the location of the user…at the time of login to trigger multi-factor authentication,…or use block controls to simply deny access altogether,…or even to implement other adaptive remediation actions,…like a password reset.…
The location is one of the five conditions…of conditional access.…Location awareness only comes with Azure AD Premium P1,…and we can use location in conjunction with other factors,…such as the platform the user is authenticating from,…and the health of that device,…the app that they're authenticating with,…their group memberships, or even their sign-in risk,…understanding that sign-in risk only comes…
In this course—the first in the series—Microsoft MVP Pete Zerger takes you through the basics of setting up endpoint protection. He begins by explaining how to set up Azure Active Directory Premium. Next, he goes into enabling multi-factor authentication, followed by setting conditions for secure access. To wrap up, Pete covers managing mobile devices with Intune, and publishing applications with Azure AD App Proxy.
- Setting up Azure Active Directory for an organization
- Enabling user-level and application-level multi-factor authentication
- Setting conditions for secure access
- Planning a mobile device management (MDM) strategy
- How Intune (standalone) MDM works
- How Intune mobile application management works
- Publishing applications with Azure AD App Proxy
- Assigning users and groups