Azure AD Conditional Access Deep Dive | Joe Kaplan | HIPConf 2019

Conditional Access is the feature of the Azure Active Directory platform that allows you to restrict access to applications and services based on a set of policies you apply. For example, you can allow access to resources based on the user's ability to perform multi-factor authentication, their device status, their location or the overall assessed risk of their login. In this session, we will do a deep dive on the mechanics of how the platform works including all of the conditions, the policy construction framework and the behavior of each type of condition during login. We will also touch on new and upcoming features that will greatly expand how Conditional Access can be used and administrated.

About the speaker:

Joe Kaplan is an identity architect in Accenture’s internal IT organization where he focuses on solving real-world problems for a large, complex business. Joe is a Microsoft MVP in Enterprise Mobility and is a co-author of the .NET Developer’s Guide to Directory Services Programming.

Learn more about HIP: https://www.hipconf.com/

0:00 Introduction
3:52 Conditional Access Licensing
5:58 Conditional Access Concepts
7:50 Anatomy of a Policy
8:20 Conditional Access Targets
14:36 Targeting Applications
15:54 Conditional Access Conditions
16:52 Risk: Azure AD Identity Protection
22:02 Which Device?
24:48 Location Example: App Proxy Internal Only
25:57 Conditional Access Controls
32:59 General Troubleshooting
40:32 How Do Devices Get Registered?
42:12 Non-Hybrid Registration Settings
45:30 What Happens when a Device Is Registered?
46:36 Device Examples
47:30 How Do Devices Get to be "Domain Joined"?
49:29 How Do Devices Get to be "Compliant"?
51:41 How Does a Device Authenticate?
54:08 Customized User Experiences for Failures
55:37 Windows Hello for Business
56:15 Device Authentication Troubleshooting