Skip to content

Got a big bouncer at the door? If not, then you need conditional access.

a streamlined approach to controlling access

Barrett Dilger

November 28, 2022

No Comments

Server Security

We live and die by our passwords. They are the keys to the kingdom.  There’s always security risk with them though, and the vast majority of data breaches are due to stolen or weak passwords.

Despite all of this, 61% of workers reuse passwords across multiple platforms. Just under half of them have shared their passwords with others or done something worse, like keep it on a post-it note stuck to their monitor.

This is why compromised passwords are the cause of most security incidents.

Once you start factoring in business cloud computing and a remote workforce, things only seem to get harder to lock down.

To make your life easier, you need a bouncer guarding access to your business data, just like that big burly guy at the door of a club. But that guy can’t be everywhere, so you need to use something else as your security guard.

It’s called Conditional Access.

Conditional Access is exactly what it sounds like. It grants access when a condition is met. If “this”, then “that.”

The conditions can be multifaceted though and layered upon each other. Meaning you can have more than one condition required for access. Rules can be set based on IP address, the time of day, the device used, the geo-location, and user role.

These rules are typically used in conjunction with MFA (Muli-Factor Authentication). The combination of rules can make your network extremely secure, without adding much inconvenience (if any).

Conditional Access is a broad term referring to any conditional restriction on credentials, but the most prominent usage in business is through Azure Active Directory.  Azure Active Directory can be set up to use identity-driven signals in authenticating access to a business network. 

Imagine that you have a workforce worldwide and want to control access to your business network.  You restrict it by location – only allowing access from the countries you have workers in, by the time of day – only allowing access during their work schedules, only granting access if the employee role justifies it, and ensuring they are using company devices. This is all possible with conditional access.

It might sound a little over the top, but…

what could a conditional access setup do for your business?

It will improve your security greatly. Access isn’t just given if they have the right username and password. They need more than that – and matching more criteria will make it harder to log in. If a login attempt is not matching a known device, it can ask an additional verification question.

What sounds harder for managing access actually makes it easier. Once the conditional criteria are established, the process is automated. It prevents human error or anyone from being overlooked. Every login is verified by the conditions, with no exceptions.

This makes the employee login experience better. Using known devices from known locations can be conditional for the employees to not need to provide additional authentication. The rule could be that if in one of the corporate offices (identified by IP) then the employees won’t be prompted for MFA.

Not only can these rules prevent access, but they can restrict access too. Legitimate users can have limited access to data or settings based on their role in the company. They might get read-only access for instance, or no access if they are logged in from an unknown device.

This is why conditional access is secure. Roles maintain the lowest level of access for an employee to do their work. Conditional access will therefore only allow what the role determines is correct, and allow data and functionality based on the need. It’s part of identity management for the network.

If this sounds like something that can benefit your business, you’ll need professional assistance to set it up. Schedule a call on our live calendar and we’d be happy to discuss the process with you.