SEC03- Conditional Access, Rask Based Controls: 3-Wk Proof of Concept (PoC)

Microsoft 365 Risk Based Access Controls are a part of the Azure Active Directory Identity Protection feature. It provides a possibility to deploy multiple access policies that respond to the signals received from AAD Identity Protection, as opposed to Identity Protections single policy. This gives companies a possibility to give access to specific users, devices and endpoints –based on their calculated risk. ​

To support the customer with Microsoft 365 security features, we often start discussing Risk Based Conditional Access Policies with customers that have found it difficult to deploy a single policy to all users. Often because the single policy they want to deploy would not suffice to protect their most important data stores. ​

Start with a few policies in report-only mode and spend some time analyzing if they are scoped correctly and then these are deployed to a subset of users before deploying them full-scale.

1. WORKSHOP: Customer Success Criteria, feature overview, scope of implementations, plan for test and PoC
2. SETUP INITIAL REPORT-ONLY POLICY: Create policy/policies, assign to users, analyse reports, edit policy scopes
3. POC - TEST PHASE: Involve test users, run PoC, continuous analysis of logs and support to users
4. CONCLUSIONS & NEXT STEP: Document learnings and conclusion, present findings, plan next steps