Many organisations restrict access to Office 365 services and applications from unmanaged or non-compliant endpoints through the use of Azure AD conditional access policies. In addition to these traditional conditional access policies, Cloud Apps Security (CAS) extends these capabilities with additional features, including custom block messages and custom alerts surfaced from within the CAS administration portal.
CAS policies are broken down into session policies (those which affect web browser sessions) or access policies (those which affect desktop applications) and are applied to access attempts against Office 365 applications and services such as Microsoft OneDrive for Business, Microsoft Exchange Online, Microsoft SharePoint Online, and Microsoft Teams.
Microsoft’s Cloud Apps Security (MCAS) extends the conditional access configuration and alerting capabilities provided by Azure Active Directory. Many organisations rely on conditional access to control the devices people use to access corporate data, and in many instances to block access if devices do not meet compliance requirements.
But what happens if blocking access from unmanaged devices is too restrictive? What if an organisation needs to continue to support access from these devices, and can that access be enabled in a secure manner?
Understanding who has access to your resources
Securing and managing membership of privileged groups and roles should be a priority for every organisation. Privileged groups and roles, those which provide elevated access to resources that may be of a sensitive or confidential nature, are vital for any IT department to function and provide administrators with access to the services and data supporting the business.
Traditionally, IT departments utilise a security model whereby administrative permissions are permanently assigned irrespective of how often they are required, or accounts have access enabled and revoked on an as-needed basis, which is a manual process subject to human error.
Introduction
Collaboration shouldn’t be limited to people within your own organisation; extending these capabilities to allow external guest participants improves how people share ideas and information. Keeping files and conversations within a single location removes the need to continually swap communications via email or other methods, reduces unnecessary copies of data that are difficult to reconcile when compiling authoritative versions, and removes the need to send this information externally, where you have no control over its use (unless you’ve deployed rights management, which is a conversation for another time).