InsITe Blog

MFA Made Easier With Conditional Access

Written by Andy Syrewicze | Jul 23, 2020 2:09:52 PM

There is no debate. IT security is top of mind for many business owners and IT administrators right now, and for a good reason! Ransomware and it’s like are rampant in the technology space, bad actors are constantly seeking to gain entry to sensitive information, and scammers are always attempting to scare up information from end-users. What is a business to do? One answer is multi-factor authentication. 

 

While It doesn’t address every instance mentioned above, multi-factor authentication (MFA) goes a LONG way towards hardening your organization’s security posture. MFA provides one additional layer that attackers and bad actors have to circumvent in order to access your data. One common complaint that I run into often with MFA, however, is that it adds extra steps and headaches for end-users. 

 

In this blog post, I’m going to provide some resources that will show you how Conditional Access can make setting up MFA for your end-users easy.

 

What is Conditional Access? 

Conditional Access is a technology present in the Microsoft 365 Stack that allows administrators to granularly control access to company data based on certain conditions. The most common example given when looking at it through the prism of MFA is the Conditional Access setting that allows end-users to authenticate WITHOUT MFA while accessing resources from the company network. This example is one of many that makes the MFA process easier and more transparent to your end-users.  

For a full list of conditional access capabilities, see the Microsoft Docs page on the topic here 

 

How Does Conditional Access Make MFA Easier for My End Users? 

I recently wrote an article for the Altaro Hyper-V blog that talked about this subject at length. A few of the use-cases addressed by Conditional Access are: 

 

  1. A business owner or manager complains that his/her department is constantly getting prompted for MFA. After all, they just want to do their work…
  2. An Administrator is concerned with knowing when to force password resets for users and what to do with accounts that are potentially suspicious. 
  3. A CIO may be concerned that security requirements for administrator accounts are too lax. 

This is by no means a comprehensive list, there is much more that conditional access can do. These are just some of the most common.  

 

If you want more details behind the use-cases listed above, be sure to check out the full article here. 

 

How Do I Configure Conditional Access? 

Configuring Conditional Access is fairly easy. I’m a firm believer in teaching by showing! I recently co-hosted a webinar with Altaro on Security Features within the Microsoft 365 Stack. I’ve included a video of my demo on configuring Conditional Access below.  

 

 

We covered many other Microsoft 365 Security topics in this webinar. If you’re interested in learning more, you can view that entire webinar on demand here 

 

Wrap-Up 

As you can see, configuring Conditional Access is fairly simple for a basic setup. That said, there are a multitude of ways that Conditional Access can be configured, and more complex deployments and requirements can become more difficult to deploy or have certain caveats to consider.  

 

If you need assistance in configuring Conditional Access, InsITe can help! Many of our engineers are fully trained and passionate about the use of Conditional Access in modern IT environments. If you need assistance with this or any IT need, feel free to schedule a call with an InsITe advisor today for more information! 

 

In closing, what are your thoughts on Conditional Access? Do you have concerns with its effectiveness? Do you need a security feature in M365 that you haven’t seen here? Have you set up Conditional Access and have success/horror stories? We’d love to hear! Let us know in the comments section below.

 

Thanks for reading!