Close Menu
Blog
  Back
Posted by Andrew Ballantyne on 8th February 2021

Understanding Conditional Access

In my recent LinkedIn post, I provided 4 suggestions as to how organisations can secure their remote workers, a thing I’m sure most would agree is of paramount importance under circumstances. Last week, the first of the 4 suggestions I looked at was Azure Information Protection. The second of the 4 I'm going to elaborate on this week is Conditional Access.

It is now more than ever that we need the mobility and flexibility that cloud products like Office 365 offer our organisations. That said, given that we don’t always have control over the devices or networks that our remote workers are connecting from, there are plenty of security challenges we’re faced with. The problem therefore is enabling mobility without compromising security. This is where Conditional Access comes into the picture.

What is Conditional Access and How does it Work?

For those who’ve never heard of conditional access, you can probably take a reasonable guess as to what it does. It restricts access to an organisation’s platforms and data by enforcing standards that must be met by a device or network before accessing information. It does this by doing 2 things:

  1. It collects signals using your organisation’s Active Directory. For the purposes of clarity, the most common signals are as follows:
    1. IP locations
    2. Users and User Groups
    3. Applications
    4. Devices
    5. Risk signals- which I will elaborate on below
  2. It then evaluates those signals against the policy rules you have put in place using basic ‘if-then’ statements. Here is an example:

 

IF: a user is not logging in from [insert IP address],

THEN: enforce multifactor authentication.

 

It may be the case that an organisation sets up multiple policies for various scenarios. In cases where multiple policies a relevant to more than one user or user group, an ‘and’ rule will be automatically applied, meaning that that user or user group will be subjected to all policy stipulations, rather than one superseding the other.

To quickly to refer back to signals and the associated restrictions, ‘IP locations’ can be set up to be as far-reaching as to restrict access to entire countries and regions, all the way down to individual IP addresses.

With regards to ‘risk signals’, the integration of Conditional Access with Azure AD allows for the identification of unusual or risky sign in behaviours. The ‘then’ action that is taken off the back of this is down to the organisation’s policies, but to give you an idea, password rests or multi-factor authentication can then be enforced upon the user under such circumstances.

Thinking about Conditional Access in Practical Terms

Let’s take a second to look back to the initial point made at the beginning- Conditional Access is about enabling mobility without compromising on security. A good example of a policy we’ve implemented for one of our customers that supports this mutual agreement between remote working and security is:

              IF: a ‘non-compliant’ device attempts to log on

THEN: allow access but only when connected to the web, and do not allow the user to download company information onto their ‘non-compliant’ device.

‘Non-compliant’ is whatever you define it to be, which takes me onto my next point.

Understanding what you need to do to effectively implement Conditional Access basically requires you to ask 2 things:

  1. What does a ‘compliant device’ look like for my organisation (i.e. what fits your idea of sufficiently secure). Here are some suggestions to get you started:
    1. Is it a company owned device?
    2. Does the device require encryption?
    3. Does it have a secure pin that meets our complexity requirements?
    4. Is it running antivirus?
    5. Is the device jailbroken?

As you can see, the questions you pose at this stage will effectively form the basis of the rules you apply to your organisation’s policies.

  1. Now that I know what a ‘compliant device’ is, what do I want to happen if a device fails to meet the standards set? Perhaps you want to restrict non-compliant devices from accessing your Office 365 platform? This is all up to you and what works for your organisation, which is the beauty of the product. It puts granular rule-making into your hands.

 

Final Remarks

Hopefully, you will have an idea of what Conditional Access is and, even better, you might be starting to develop ideas as to how this is both useful now and as part of your longer IT strategy. Let’s face it, even if/when we do return to our offices, the need for remote working is hardly unlikely to diminish, therefore making Conditional Access the tool in your kit that is perfectly suited to secure your end users in this modern landscape of remoteness.

 

What's Next?

If you want to understand more about how Conditional Access works, Click Here. It will take you to a blog where you can watch a recent webinar recording where we looked at Conditional Access.

 
Recent Posts

Some of our happy clients...

Mark Arundale
Managing Director- Sine Consulting

We moved to Circle Cloud just over a year ago because our IT was costing us productivity. There was a lot of downtime and unpredictability, which made running our business harder than it needed to be. Circle Cloud have made things so much more straightforward. Their IT Management Plans are perfect for our needs as a small business. The service is so clear and well designed, we have regular reviews and now have a more proactive and professional provider

Beverly Goodall
Managing Director- Abacus Bean

As the owner of an accountancy practice, there’s so much to think about. I need to stay focussed on our own products and services and making sure our customers are looked after. That’s why working with Circle Cloud has been perfect. They’ve taken away any concerns I’ve had around information security. The initial 30 day onboarding process made such a big difference, and the support we’ve had since has been excellent.

Andy Craddock
Managing Director- Accurate Data Services

In our industry it is critical to be constantly focussed on information security. At Accurate Data Services Ltd we always deal with extremely sensitive data, so remaining one step ahead of IS risk is our top priority.  We wanted to work with Circle Cloud because there IS infrastructure design continuously ticks all of the right boxes, can be delivered quickly and is scaleable.  It really is a comfort to everyone in the business that Circle Cloud are there, constantly having our back and making sure that our IS systems are always best in class.

Tony Crocker
Managing Director- IWC Wills & Probate

Circle Cloud’s IT Managed Service has been brilliant for us. It really is focussed on the security side of things. That matters a lot. When you think about all the emails and information that get shared on a daily basis, there is always that worry that something important might slip through. But Circle Cloud have put everything in place to make sure we’re safe.

Mark Pendlebury
IT Manager- Cosatto Limited

Working with Circle Cloud to implement the transition of our ERP system and SQL server into Azure has been a great choice. They have shown great knowledge of the platform and it's possibilities and have worked closely with us to ensure key project milestones and testing phases were met resulting in a successful and on time go live. Furthermore, they have also offered great advice and help on licensing to ensure costs are kept to a minimum.

Deborah Hugill
IT Director- Nigel Wright Ltd

We needed to modernise our server infrastructure in order to enhance resilience, as well as improve accessibility for our European workforce.  This is why we decided to move to the cloud, however we needed a supplier that could help us on our journey. We found the perfect technology partner in Circle Cloud, who specialise specifically in the Microsoft Cloud. They moved all our applications and files to Microsoft Azure which has proven extremely robust, ticking all the boxes we needed it to.

Urfan Durrani
IT Director- Protec International

As a business we had various challenges from moving a legacy on premise exchange system into hosted Office365 environment. Our Office365 system offers the users almost guaranteed uptime, accessible from any place and device, whilst its management facilities make it easier to monitor and control. The commitment to quality and care by Circle Cloud, provided the management team with assurances.

Craig Kippling
Director- Studio Anyo

We needed a telephone system that offered the functionality of a PBX solution. Circle Cloud were the perfect partner to guide us. They demonstrated how Microsoft Teams itself could be used as our full, business-wide telephone solution. They scoped our requirements and migrated our group to Microsoft Business Voice, which bolts seamlessly onto Microsoft Teams.  Our decentralised workforce can now make and receive business calls from anywhere using mobile apps and laptop headsets. This has proven invaluable over the last year and will assist in our future growth. 

Rebecca Pendlebury
Customer Care Manager- Scamp & Dude

As our Customer Care team grew we soon realised we needed to open up forms of contact for our customers. We also needed a system that was flexible and easy to use. As we already used Teams, it felt natural to incorporate Teams Voice and we couldn’t be happier with the result. As a result of Circle Cloud’s recommendations, implementation and training, we now have a happy team and customers.

Ian Burns
IT Services Manager- Waterton Academy

Circle Cloud’s offer of Office 365 security audits catered for every aspect of the brief, however it excelled in the way it was delivered to us as a customer. The added value area of mapping out detailed next steps alongside flagged areas was highly valued and demonstrated their unique ethos of being able to provide an external sound board/advisory presence and where needed, action change by their internal staff as a commissioned service. Based on the experience we had from Circle Cloud, including value for money, the accuracy and attentiveness from staff, we have now adopted the company as our external consultant for Microsoft cloud technologies.

John Painter
IT Systems & Development Manager- Denbury Homes

In November 2021 Circle Cloud were engaged after a shortlisting process, for a time sensitive tenant to tenant domain migration following a business separation- each tenant being wholly separate to the other. Several companies were contacted and their tools assessed, but none could provide a ‘one stop shop’. The expectation was that end users would see no visible difference with regards to experience or content, with the exception of a new temporary password and new MFA registration process. Circle Cloud were able to achieve this within the tight deadline. Denbury Homes are happy to recommend Circle Cloud for Office 365 and Azure Cloud to Cloud migrations, as well as On Premise to Cloud migrations.

Circle Cloud Limited
Company

Circle Cloud Ltd.
Fusion Hive
North Shore Road
TS18 2NB

  0191 672 7012
  info@circlecloud.co.uk
Products
Company
Social
Accreditation
  • ISO/IEC 27001
    Cert Number: IS 697 097
  • Cyber Essentials Certified
Site by Calm Digital Limited
© 2024 Circle Cloud Ltd.
Drop us a message...
Open Menu Open Menu
Contact Us
Open Menu Open Menu
CONTACT US