Conditional Access Deep Dive | Joe Kaplan | HIPConf 2019

Conditional Access is the feature of the Azure Active Directory platform that allows you to restrict access to applications and services based on a set of policies you apply. For example, you can allow access to resources based the user's ability to perform multi-factor authentication, their device status, their location or the overall assessed risk of their login. In this session, we will do a deep dive on the mechanics of how the platform works including all of the conditions, the policy construction framework and the behavior of each type of condition during login. We will also touch on new and upcoming features that will greatly expand how Conditional Access can be used and administrated.

About the speaker:

Joe Kaplan is an identity architect in Accenture’s internal IT organization where he focuses on solving real-world problems for a large, complex business. Joe is a Microsoft MVP in Enterprise Mobility and is a co-author of the .NET Developer’s Guide to Directory Services Programming.

0:00 Introduction
1:45 Conditional Access Landscape Controls
2:57 Conditional Access Licensing
8:17 Anatomy of a Policy
9:24 Conditional Access Targets
13:37 Targeting Applications
17:00 Conditional Access Conditions
17:55 Risk: Azure AD Identity Protection
19:31 Which Device?
22:21 Location Example: App Proxy Internal Only
23:54 Conditional Access Controls
26:04 Multi-Factor Authentication
27:27 General Troubleshooting
29:57 Why is Device State Important?
30:46 The Accenture CA Journey
33:58 How Do Devices Get Registered?
36:11 Non-Hybrid Registration Settings
39:11 Device Examples
40:22 How Do Devices Get to be "Domain Joined"?
41:41 How Do Devices Get to be "Compliant"?
44:22 How Does a Device Authenticate?
46:11 Device Authentication and CA Policy Checks
47:02 Customized User Experiences for Failures
49:53 Windows Hello for Business
51:02 Device Authentication Troubleshooting
51:17 DSREGCMD (Win 10 Client Troubleshooting)