Learn Conditional Access in just 25 Mins
Рет қаралды 38,924
Күн бұрын
@mkelly01 Жыл бұрын
Perfect timing. I was just coming to your channel looking for info on this!
@AndyMaloneMVP Жыл бұрын
Hey that’s awesome😊I hope you’ll subscribe 👍
@edipocdf Жыл бұрын
tks a lot.
@AndyMaloneMVP Жыл бұрын
Hey thanks so much I appreciate that👍🤗😊
@TN_HondaDad Жыл бұрын
A great quick crash course, thank you!
@soodshubham7671 Жыл бұрын
Andy, thank you sincerely for sharing such valuable knowledge. I genuinely appreciate it. I hope that one day, I will have the opportunity to meet you in person and express my gratitude personally :)
@AndyMaloneMVP Жыл бұрын
Aw that is so kind, thank you so much. I really do appreciate that 😊 and 👍
@markokoning6697 9 ай бұрын
Thanks alot Andy, a very informative video Thank you!
@DoubleA-ARon Жыл бұрын
Andy, as always, excellent content!
@sreenathchandrakandham5309 11 ай бұрын
Great learning, thank you
@AndyMaloneMVP 11 ай бұрын
Glad you enjoyed it
@RameshKotha-n1r 6 ай бұрын
Great explanation
@MichaelToub 8 ай бұрын
Great Video!
@gregoryigbinoba4778 18 күн бұрын
Basically this is the goal. prevent Outlook client access on unmanaged devices, you can implement a Conditional Access (CA) policy
2 ай бұрын
Correct me if i am wrong but with CA - the most restrictive takes place? Lets say there are two CAs # one states users must have MFA enabled before accessing a Entra id SSO app # second CA states allow all users to access a entra ID SSO app without any specific authentications - This means when the users access this entra id sso app they will have to use MFA due to the first CA rule being the most restrictive
@AndyMaloneMVP 2 ай бұрын
Correct
@patrick__007 Жыл бұрын
You can now add some M365 admin portal in the CA. Thanks Andy!
@AndyMaloneMVP Жыл бұрын
You are quite correct, you always could👍
@moaMah-k4q Жыл бұрын
Great video very informative Thanks!!!!
@AndyMaloneMVP Жыл бұрын
Glad you enjoyed it!
@MBudhwant Жыл бұрын
Very helpful
@moepskie Жыл бұрын
Regarding the warning about the legacy authentication clients: disable legacy authentication by default (it's a recommendation documented by Microsoft somewhere). Either set a CA policy to block it entirely, or disable it through the Admin center (or both).
@brandonw1604 Жыл бұрын
With IPv6 you want to make sure you allow unnamed locations. IPv6 doesn't always give a location and you can accidentally lock out your CEO from the calendar when he's trying to plan his mother's funeral.
@BloomerzUK Жыл бұрын
Your comment made me laugh
@brandonw1604 Жыл бұрын
@@BloomerzUK it wasn't a call I wanted at 6AM on a Sunday. Lol lesson never forgotten.
@BloomerzUK Жыл бұрын
@@brandonw1604 I thought you were joking.. you poor sod!
@brandonw1604 Жыл бұрын
@@BloomerzUK nope, didn't know about IPv6 and locations.
@marcusm5127 10 ай бұрын
Odly specific. Poor guy I wouln't want that call.
@Best111 8 ай бұрын
Great Videos! You Add a new Subscriber
@ManoElMacho Жыл бұрын
well done mate :)
@alvarogomez5458 9 ай бұрын
Hello, I just found your video.. it is really interesting and helpful, it solved a lot of my questions, I was recently tasked to use conditional access to block access to onedrive on non company devices, any ideas on how to block one drive only?
@AndyMaloneMVP 9 ай бұрын
Look at the OneDrive settings in the sharepoint admin centre
@sanjai2k 3 ай бұрын
Thanks for the wonderful session. Does Azure Virtual Desktop support MFA? Because when i tried it failed, so kindly guide on resolving it?
@AndyMaloneMVP 3 ай бұрын
It does but with a bit of work. Check out the Microsoft documentation on lynne.microsoft.com.
@gregoryigbinoba4778 19 күн бұрын
Hello Andy, We are looking to restrict access to company emails on Outlook clients installed on unmanaged devices. can we do this with only use of Conditional Access policies ? Any article you can share with a clue.
@AndyMaloneMVP 19 күн бұрын
Company emails can only be deployed on devices that are either registered or managed. I.e. registered means BYOD. Check out learn.microsoft.com for more details.
@patrick__007 Жыл бұрын
Perhaps for an future update on CA with Windows Defender Cloud for Apps?
@AndyMaloneMVP Жыл бұрын
If you take a look in my Microsoft defender and Microsoft per view playlists, there are sessions on cloud apps here that explain everything
@volkersahm 5 ай бұрын
well done. I want to suggest a more practical approach with examples in a real environment and with a specific set of policies that are basic best practice. not only showing the admin portal but also show a real result on a device. also a minimum security setup with a set of policies and settings would be nice as example. also we want to copy and paste a basic set of policies and settings from one tenant to another, to have best practice minimal settings for all clients. maybe one or more of those suggestions will lead to an update video on this neat features...thanks!
@AndyMaloneMVP 5 ай бұрын
Absolutely, come on one of my courses and I’ll show you
@AlBergstein 10 ай бұрын
Just a mention: User Risk and Sign In Risk require P2 licensing. Many NGOs that I handle do not get that in their licensing. Conditional access appears with P1 licensing which my NGOs apparently all have by default. (sigh)
@AndyMaloneMVP 10 ай бұрын
You’re right identity protection requires P2 conditional access P1
2 ай бұрын
Correct me if i am wrong but with CA - Block takes precedence right? lets say i got two CAs # one CA states BLOCK all users from accessing a Entra ID SSO app # second CA states allow all users to access a Entra ID SSO App, this means all users will be BLOCKED from accessing that Entra ID SSO app.
@rollover36 Жыл бұрын
Excelent vifdeo, 1.25 speed is the sweet spot for me but I appreciate the original speed
@AndyMaloneMVP Жыл бұрын
Cool, thanks
@sethb.9601 Жыл бұрын
I don't have that many options under protect & secure, just authenticaton methods and password reset. How do I unlock conditional access?
@AndyMaloneMVP Жыл бұрын
This sounds like a licensing issue.
@Abayomi-Munatech Жыл бұрын
Pls,How can I get train from you? Thanks
@AndyMaloneMVP Жыл бұрын
Pay me lots of money🤣😂🤗
@Abayomi-Munatech Жыл бұрын
@@AndyMaloneMVP I'm ready pls
@AndyMaloneMVP Жыл бұрын
@@Abayomi-Munatech please send me an email via my KZbin channel or LinkedIn giving me details of where your located and what training your looking for. My schedule is very busy but I can see if I can fit you in.
@richarddstephens Жыл бұрын
Love your content. Been following for a while now. Question for you on MFA/CA policies. As an admin, my phone screen went out on me, leaving me basically without a phone. Couldn't receive calls or texts which is what my MFA was configured for. What's the best way to configure myself so that if I'm ever in this situation again, I can still authenticate and access M365?
@AndyMaloneMVP Жыл бұрын
This is easy. Go into Microsoft 365 and go into the users account. There is an option to reinforce MFA. This will then force the user to repeat the MFA registration process. It’s well documented, learn.microsoft.com. Good luck
@audiodiwhy2195 6 ай бұрын
User interface at Entra has changed (of course). Still a good video.
@kareemck9479 5 ай бұрын
Thanks for the vedio. Could you please let me know what would be the ideal way to configure a policy if i wants to block all the countries and only allow users to login from the country where our office resides I know we can simply create this using named location and CA But what if any of my users travelling and i need to give them access to those countries as well.(only that user) i also dont want that user to get access to any other country than where she is travelling and office locations I tried multiple ways of creating polcies , but none seems to be fitting in. Some or the other flaws Can you please help me here
@AndyMaloneMVP 5 ай бұрын
I would probably create an allow only list which blocks all other countries using location based conditional access. For documentation on this please visit learn.microsoft.com or post a question to the Microsoft tech community 😊
@kareemck9479 5 ай бұрын
@@AndyMaloneMVPi beleive u probably misuderstood my question I will give you an example. My office resides in india. So i created a names location named office location and selected india . Created a policy excluding office location i.e india . Included any location . Grant acess block for all users. Now for eg if my CEO is travelling to UK , i want to allow him to login to all apps from india as well as UK. So if i exclude him from the main policy , he would be able to login from anywhere. But i only want him to login from uk and india. Secondly if i exclude him from main policy and create a new names location travel country and add UK. And create a new CA policy adding only my CEO and blocking any location excluding travel country. Would he be able to login only from uk or india and uk?? Secondly everytime when user travels we have to add them to secuity group and remove later which is a lot manual work So what would you suggest You help would be much appreciated . Thanks again for the swift response
@millicentwright9359 Жыл бұрын
😞 Promo>SM
seeVi la
Рет қаралды 46 МЛН
John Savill's Technical Training
Рет қаралды 15 М.
Microsoft Security Community
Рет қаралды 1,8 М.