
0 Votes
SamOz asked SamOz commented

HTTPS Conditional Access policy to VM

Hi everyone. I'm looking for the best way to lock down HTTPS traffic to a VM for internal staff only.

We have an Azure VM with an IIS website which is for internal staff access only. We have an Azure AD only environment with E5 licenses. Intune is rolled out to all Windows 10 machines. We are using Conditional Access at the Enterprise Application level, but this does not block traffic at the port level.

The VM has an NSG configured to allow HTTPS (no Firewall configured yet).

What is the best way to implement Conditional Access to the HTTPS port, for Compliant Intune devices only?

azure-virtual-machines mem-intune-general azure-virtual-network azure-firewall

1 Answer

1 Vote
Jason-MSFT answered SamOz commented

Conditional Access is a "gate" on AAD authentication and is unrelated to controlling network traffic, so in and of itself it can't do what you ask.

I think Azure App Proxy will do what you want, though, as this can add a layer of pre-authentication to the network traffic flow, and thus CA could be used. See https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-security for guidance on a possible path.


Thanks Jason for the Application Proxy tip, I'll have a further look.

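An added example, not part of Jason-MSFT's answer: assuming the IIS site has already been published through Application Proxy with Azure AD pre-authentication, this Microsoft Graph PowerShell script creates a report-only Conditional Access policy that requires an Intune-compliant device for that application. The application name is a placeholder, and the Microsoft.Graph PowerShell SDK is assumed to be installed.

```powershell
# Added example (not from the original thread).
# Assumes the Microsoft.Graph PowerShell SDK and an account allowed to manage Conditional Access.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Application.Read.All'

# Placeholder: display name of the enterprise application published through Application Proxy.
$appDisplayName = '<app-proxy-published-app-name>'

# Resolve the application's appId; stop if the name is missing or ambiguous,
# so the policy is never scoped to the wrong application.
$sp = @(Get-MgServicePrincipal -Filter "displayName eq '$appDisplayName'")
if ($sp.Count -ne 1) {
    throw "Expected exactly one service principal named '$appDisplayName', found $($sp.Count)."
}

$policy = @{
    displayName = "Require compliant device - $appDisplayName"
    # Report-only: sign-in logs show what would be blocked before the policy is enforced.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        clientAppTypes = @('all')
        applications   = @{ includeApplications = @($sp[0].AppId) }
        users          = @{ includeUsers = @('All') }
    }
    grantControls = @{
        operator        = 'OR'
        # Grant access only from devices that Intune reports as compliant.
        builtInControls = @('compliantDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Pre-authentication only protects the site if users cannot reach IIS directly. The Application Proxy connector uses outbound connections only, so the inbound HTTPS rule on the NSG is not needed for access through the proxy.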