Conditional-policy
Conditional Policy for MFA
Currently we have a conditional policy enabled for all users that requires MFA to be configured to access a Microsoft account. The policy contains these rules:
- Rules apply to all users.
- Target resources include the Microsoft Admin portal and Office 365.
- Access Control is Grant access with Require multifactor authentication.
- Enable policy = On.
Policy for Office 365 access inside AVD.
This grant policy contains rules that give the user groups connected to AVD access to Office 365 inside AVD.
Rules include:
- In the Assignment section: Users includes the groups and users that are allowed.
- Target resources are cloud apps that include Office 365.
- The condition is based on location. We currently have a NAT gateway for our AVD, and the locations are categorized and set according to the IP provided by the NAT gateway.
- Access Control is Grant access with Require multifactor authentication.
- Policy is enabled.
Policy to block access to Office 365 outside AVD.
This policy restricts access to Office 365 from outside the AVD location.
Rules include:
1. In the Assignment section: Users includes groups and users.
2. Target resources are cloud apps that include Office 365.
3. The condition is based on location: any location is included and the AVD location is excluded.
4. Access Control is Block access.
5. Policy is enabled.
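
How the three policies above combine for a single sign-in, as an added example that is not part of the original page: a simplified Python model in which every matching policy applies and a block overrides any grant control. The NAT range `203.0.113.0/28`, the group name `avd-users` and the app labels are constructed placeholders, not values from this environment.

```python
import ipaddress
from dataclasses import dataclass

# Constructed placeholders, not values from the page.
AVD_NAT = ipaddress.ip_network("203.0.113.0/28")   # assumed NAT gateway range
AVD_GROUP = "avd-users"                            # assumed AVD user group

@dataclass(frozen=True)
class Policy:
    name: str
    groups: frozenset   # empty set means all users
    apps: frozenset
    location: str       # "any", "avd" or "not_avd"
    control: str        # "mfa" or "block"

O365 = frozenset({"Office365"})
POLICIES = [
    Policy("MFA for all users", frozenset(), O365 | {"AdminPortals"}, "any", "mfa"),
    Policy("Office 365 inside AVD", frozenset({AVD_GROUP}), O365, "avd", "mfa"),
    Policy("Block Office 365 outside AVD", frozenset({AVD_GROUP}), O365, "not_avd", "block"),
]

def in_avd(ip):
    # An IPv6 source never matches the IPv4 NAT range, so it counts as outside.
    return ipaddress.ip_address(ip) in AVD_NAT

def matches(policy, groups, app, ip):
    if policy.groups and not policy.groups & set(groups):
        return False
    if app not in policy.apps:
        return False
    return policy.location == "any" or in_avd(ip) == (policy.location == "avd")

def evaluate(groups, app, ip):
    """Return (decision, names of every policy that matched the sign-in)."""
    hits = [p for p in POLICIES if matches(p, groups, app, ip)]
    names = [p.name for p in hits]
    if any(p.control == "block" for p in hits):
        return "block", names          # block wins over any grant control
    if hits:
        return "require_mfa", names
    return "allow", names              # no policy in this model applies

if __name__ == "__main__":
    for who, app, ip in [([AVD_GROUP], "Office365", "203.0.113.5"),
                         ([AVD_GROUP], "Office365", "198.51.100.7"),
                         ([], "Office365", "198.51.100.7")]:
        print(who, app, ip, evaluate(who, app, ip))
```

In this model a user who is not in the AVD group is not covered by the block policy and reaches Office 365 from any location after MFA.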