Conditional Access

Conditional Access in Entra ID enables policy-based decisions regarding access to resources. Each Conditional Access policy consists of one or more assignments and access controls.

Assignments

The assignments of a policy include resources and conditions. The resources can be users, groups, directory roles, applications or service principals defined in Entra ID. The conditions can limit the policy to only apply when requests originate from specific networks or geographic locations or from specific client applications or devices.

Access Controls

The access controls of a policy include grant controls and session controls. The grant controls can grant or block access to resources. The session controls can modify session behavior such as limiting session duration.

Applied policies

The following policies are applied to the utexas tenant in Azure Active Directory.

Exceptions

Microsoft Surface Hub devices are not compatible with Conditional Access Policies and are unable to authenticate unless they are manually excluded from every policy per https://docs.microsoft.com/en-us/surface-hub/create-and-test-a-device-account-surface-hub.
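
An added example, not part of the original page or the tenant's own tooling: a Python audit over exported policies in the Microsoft Graph `conditionalAccessPolicy` shape. It lists enforced policies that do not exclude the Surface Hub device-account group and inventories every exclusion for periodic review. The group ID, policy names and sample export are constructed placeholders, and putting the device accounts in one group is an assumption.

```python
import json

# Placeholder object ID for a group holding Surface Hub device accounts (assumption).
SURFACE_HUB_GROUP = "11111111-1111-1111-1111-111111111111"

# Constructed sample shaped like a Graph export of conditionalAccessPolicy objects.
SAMPLE_EXPORT = json.loads("""
{"value": [
  {"displayName": "Require MFA for all users", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["All"],
       "excludeGroups": ["11111111-1111-1111-1111-111111111111"]}},
   "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
  {"displayName": "Block legacy authentication", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["All"]},
       "clientAppTypes": ["exchangeActiveSync", "other"]},
   "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
  {"displayName": "Block outside trusted locations (pilot)",
   "state": "enabledForReportingButNotEnforced",
   "conditions": {"users": {"includeUsers": ["All"]}},
   "grantControls": {"operator": "OR", "builtInControls": ["block"]}}
]}
""")

def _users(policy):
    """Return the user assignment block, tolerating missing or null fields."""
    return (policy.get("conditions") or {}).get("users") or {}

def missing_exclusion(policies, group_id):
    """Names of enforced policies that do not exclude group_id.

    Report-only and disabled policies are skipped: they cannot block a sign-in.
    """
    return [p["displayName"] for p in policies
            if p.get("state") == "enabled"
            and group_id not in (_users(p).get("excludeGroups") or [])]

def exclusion_inventory(policies):
    """Map policy name to its excluded users, groups and roles."""
    keys = ("excludeUsers", "excludeGroups", "excludeRoles")
    inventory = {}
    for p in policies:
        excluded = {k: _users(p)[k] for k in keys if _users(p).get(k)}
        if excluded:
            inventory[p["displayName"]] = excluded
    return inventory

if __name__ == "__main__":
    print("Missing exclusion:", missing_exclusion(SAMPLE_EXPORT["value"], SURFACE_HUB_GROUP))
    print("Exclusions:", exclusion_inventory(SAMPLE_EXPORT["value"]))
```

Every exclusion is an identity the policy does not protect, so the inventory output is worth reviewing alongside the missing-exclusion list.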

Reference