azure ad conditional access

Question

question

testuser7-8288 asked Apr 25, '22 ricardosolisvillegas-4678 commented May 3, '22

azure ad conditional access

Hello,

I have one basic question around Conditional Access Policies.

As we know , Azure AD CA-Policies help us undergo the additional factors while any client-app is requesting token for any CLOUD RESOURCE

I have a client-app which is just preparing OAuth request with SCOPE=OpenID and redirecting user to AAD to collect the token.

If AAD-admin wants to make sure that such request must undergo MFA or TOU or any other CA-policy grant, which minimal set of CLOUD RESOURCE should be added in that CA-policy ??

Thanks

azure-active-directory azure-ad-authentication azure-ad-conditional-access

· 4

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

testuser7-8288 · Apr 26 at 12:34 PM

Hi @amanpreetsingh-msft

I have opened one thread at https://docs.microsoft.com/en-us/answers/questions/825145/azure-ad-conditional-access-2.html to discuss about AAD Conditional Policy.
Would you please look into it and help me.

Thanks.

0 ·

testuser7-8288 · Apr 27 at 03:51 PM

hello team,

Any update on my above query ?
As usually MSFT folks are very prompt answering, looks like my concern is either too foolish OR too SPOT ON and not yet addressed by CA-policy.

I prefer the latter :)
Regardless, appreciate if somebody help me close this thread.
Can we use custom-security-attribute to fine tune such access through CA-policy.
Obviously I would avoid to wrap "All Cloud Resources" in the CA policy as it will be too restrictive.

Thanks.

0 ·

ricardosolisvillegas-4678 testuser7-8288 · Apr 28 at 04:54 AM

Hello @testuser7-8288

Thank you for your post.

I would like to confirm if I understood correctly your statement....

Are you referring to the following info ? https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/require-tou

Looking forward to your feedback,

BR,

0 ·

ricardosolisvillegas-4678 testuser7-8288 · Apr 28 at 06:38 AM

Hi,

I found this info that might be helpful for your concern.

https://learningbydoing.cloud/blog/getting-started-with-custom-security-attributes-in-azuread/#:~:text=Custom%20Security%20Attributes%20are%20organization-specific%20key-value%20paired%20attributes,not%20even%20Global%20Admins%2C%20without%20specifically%20assigning%20permissions.

Cheers,

0 ·

Answer 1 · 2022-05-02T06:23:27.797Z

ricardosolisvillegas-4678 answered May 2, '22

Hello @testuser7-8288

I just wanted to follow up on this concern and if further assistance is required please let us know!

Regards,

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 2 · 2022-05-02T15:10:01.55Z

testuser7-8288 answered May 2, '22 ricardosolisvillegas-4678 commented May 3, '22

We can close it.. I have requested private preview for CA-policy with Custom-security-attribute.
Hopefully that is the answer to my query.

· 1

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ricardosolisvillegas-4678 · May 03 at 04:43 AM

Understood.

Many thanks for your feedback!

0 ·

question