Site feedback

DanielLupton-2758 avatar image
0 Votes"
DanielLupton-2758 suggested

Conditional Access Rules Should Provide Organisations with a Deny by Default Approach

The current way Conditional Access rules are applied to manage and enforce access use a permit by default & most restrictive CA rule approach.
This approach is counter intuitive to what all other access management approaches provides where they deny by default and then permit the progression through access rules with options to stop processing when a given rule it hit.

The current way CA rules are implemented make it very difficult to implement the required policy and make it very easy to accidentally implement a configuration where an access request does not hit any of the CA rules and is just permitted by default.

Microsoft should provide organisations with an option to configure CA rules to a deny by default approach, support rule ordering and rule assessment stop options.
To start to provide parity with other IDPs the use of If/Else access rules would be beneficial as well.

azure-ad-conditional-access
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

No Solutions

Your Opinion Counts

Share your feedback, or help out by voting for other people's feedback.