您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

迁移要求在 Azure 门户中进行多重身份验证的经典策略Migrate a classic policy that requires multi-factor authentication in the Azure portal

本教程演示如何迁移要求对云应用进行多重身份验证的经典策略。This tutorial shows how to migrate a classic policy that requires multi-factor authentication for a cloud app. 虽然不是先决条件,但我们建议你在开始迁移经典策略之前阅读在 Azure 门户中迁移经典策略Although it is not a prerequisite, we recommend that you read Migrate classic policies in the Azure portal before you start migrating your classic policies.

概述Overview

本文中的方案演示如何迁移要求对云应用进行多重身份验证的经典策略。The scenario in this article shows how to migrate a classic policy that requires multi-factor authentication for a cloud app.

Azure Active Directory

迁移过程包括以下步骤:The migration process consists of the following steps:

  1. 打开经典策略获取配置设置。Open the classic policy to get the configuration settings.
  2. 创建新的 Azure AD 条件访问策略以替换经典策略。Create a new Azure AD Conditional Access policy to replace your classic policy.
  3. 禁用经典策略。Disable the classic policy.

打开经典策略Open a classic policy

  1. Azure 门户的左侧导航栏中,单击“Azure Active Directory”。 In the Azure portal, on the left navbar, click Azure Active Directory.

    Azure Active Directory

  2. 在“Azure Active Directory”页的“管理”部分中,单击“条件访问” 。On the Azure Active Directory page, in the Manage section, click Conditional Access.

    条件性访问

  3. 在“管理” 部分中,单击“经典策略(预览)” 。In the Manage section, click Classic policies (preview).

    经典策略

  4. 在经典策略列表中,单击要求对云应用进行多重身份验证的策略。In the list of classic policies, click the policy that requires multi-factor authentication for a cloud app.

    经典策略

创建新的条件访问策略Create a new Conditional Access policy

  1. Azure 门户的左侧导航栏中,单击“Azure Active Directory”。 In the Azure portal, on the left navbar, click Azure Active Directory.

    Azure Active Directory

  2. 在“Azure Active Directory”页的“管理”部分中,单击“条件访问” 。On the Azure Active Directory page, in the Manage section, click Conditional Access.

    条件性访问

  3. 在“条件性访问”页顶部的工具栏中单击“添加”,打开“新建”页。 On the Conditional Access page, to open the New page, in the toolbar on the top, click Add.

    条件性访问

  4. 在“新建”页上的“名称”文本框中,键入策略的名称。 On the New page, in the Name textbox, type a name for your policy.

    条件性访问

  5. 在“分配”部分中,单击“用户和组”。 In the Assignments section, click Users and groups.

    条件性访问

    1. 如果已在经典策略中选择所有用户,请单击“所有用户”。 If you have all users selected in your classic policy, click All users.

      条件性访问

    2. 如果已在经典策略中选择组,请单击“选择用户和组”,并选择所需的用户和组。 If you have groups selected in your classic policy, click Select users and groups, and then select the required users and groups.

      条件性访问

    3. 如果需要排除组,请单击“排除”选项卡,并选择所需的用户和组。 If you have the excluded groups, click the Exclude tab, and then select the required users and groups.

      条件性访问

  6. 在“新建”页的“分配”部分中单击“云应用”,打开“云应用”页。 On the New page, to open the Cloud apps page, in the Assignment section, click Cloud apps.

  7. 在“云应用”页上执行以下步骤: On the Cloud apps page, perform the following steps:

    1. 单击“选择应用”。 Click Select apps.
    2. 单击“选择” 。Click Select.
    3. 在“选择”页上选择云应用,单击“选择”。 On the Select page, select your cloud app, and then click Select.
    4. 在“云应用”页上,单击“完成”。 On the Cloud apps page, click Done.
  8. 如果已选择“需要多重身份验证”: If you have Require multi-factor authentication selected:

    条件性访问

    1. 在“访问控制”部分中,单击“授予”。 In the Access controls section, click Grant.

      条件性访问

    2. 在“授予”页上,依次单击“授予访问权限”、“需要多重身份验证”。 On the Grant page, click Grant access, and then click Require multi-factor authentication.

    3. 单击“选择” 。Click Select.

  9. 单击“打开” 启用策略。Click On to enable your policy.

    条件性访问

禁用经典策略Disable the classic policy

若要禁用经典策略,请单击“详细信息” 视图中的“禁用” 。To disable your classic policy, click Disable in the Details view.

经典策略

后续步骤Next steps