Explore Microsoft Conditional Access - Risk Based Controls through a focused Proof of Concept to assess benefits, user experience and technical fit
Microsoft 365 Risk Based Access Controls are a part of the Azure Active Directory Identity Protection feature. It provides a possibility to deploy multiple access policies that respond to the signals received from AAD Identity Protection, as opposed to Identity Protections single policy. This gives companies a possibility to give access to specific users, devices and endpoints –based on their calculated risk.
To support the customer with Microsoft 365 security features, we often start discussing Risk Based Conditional Access Policies with customers that have found it difficult to deploy a single policy to all users. Often because the single policy they want to deploy would not suffice to protect their most important data stores.
Start with a few policies in report-only mode and spend some time analyzing if they are scoped correctly and then these are deployed to a subset of users before deploying them full-scale.