HTTPS Conditional Access policy to VM

Sam Oz 36 Reputation points
2022-01-26T03:22:02.913+00:00

Hi everyone. I'm looking for the best way to lock down HTTPS traffic to a VM for internal staff only.

We have an Azure VM with an IIS website which is for internal staff access only. We have an Azure AD only environment with E5 licenses. Intune is rolled out to all Windows 10 machines. We are using Conditional Access at the Enterprise Application level, but this does not block traffic at the port level.

The VM has an NSG configured to allow HTTPS (no Firewall configured yet).

What is the best way to implement Conditional Access to the HTTPS port, for Compliant Intune devices only?

Tags: Azure Virtual Machines, Azure Firewall, Azure Virtual Network, Microsoft Security | Intune | Other
1 answer

  1. Jason Sandys 31,421 Reputation points Microsoft Employee Moderator
    2022-01-26T14:18:22.693+00:00

    Conditional Access is a "gate" on AAD authentication and is unrelated to controlling network traffic, so in and of itself it can't do what you ask.

    I think Azure App Proxy will do what you want, though, as this can add a layer of pre-authentication to the network traffic flow and thus CA could be used. See https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-security for guidance on a possible path.

    1 person found this answer helpful.
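As an added example (not part of the answer above or of Microsoft's documentation), here are the two halves of the App Proxy approach in PowerShell: a Conditional Access policy that requires an Intune-compliant device for the enterprise application that App Proxy creates when the IIS site is published, and an NSG change that limits the VM's TCP/443 to the App Proxy connector hosts. The second half matters because Conditional Access only gates the App Proxy pre-authentication; if the VM's port 443 stays open to the internet or to the whole VNet, anyone who knows its address walks around the gate. The application name, group name, resource group, NSG name, rule name and connector subnet are placeholders, and the script assumes the Microsoft.Graph and Az PowerShell modules are installed.

```powershell
# Added example: Conditional Access (compliant device) for an Azure AD App Proxy app,
# plus an NSG rule that limits the backend VM's HTTPS port to the App Proxy connectors.
# All names and address ranges below are placeholders for this example.
# Requires the Microsoft.Graph and Az PowerShell modules.

# --- Part 1: Conditional Access policy on the published application ---------------

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess","Application.Read.All","Group.Read.All"

$appName   = "Intranet IIS (App Proxy)"   # placeholder: enterprise app created by App Proxy
$groupName = "All Staff"                   # placeholder: users who may reach the site

$sp    = Get-MgServicePrincipal -Filter "displayName eq '$appName'"
$group = Get-MgGroup -Filter "displayName eq '$groupName'"
if (-not $sp -or -not $group) { throw "Application or group not found; check the placeholder names." }

$policy = @{
    displayName = "Require compliant device - $appName"
    # Start in report-only mode; switch to "enabled" after checking the sign-in logs.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users          = @{ includeGroups = @($group.Id) }
        applications   = @{ includeApplications = @($sp.AppId) }  # CA targets the AppId
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("compliantDevice")   # Intune-compliant device only
    }
}
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created CA policy $($created.Id) in state $($created.State)"

# --- Part 2: close the side door on the VM ----------------------------------------
# App Proxy delivers requests to the VM through connector hosts inside the VNet, so only
# those hosts need TCP/443 on the VM. Replace the allow-any HTTPS rule with one scoped to
# the connector subnet, and add an explicit deny so the default AllowVnetInBound rule
# does not let every other VNet host reach IIS either.

Connect-AzAccount

$rgName          = "rg-intranet"     # placeholder
$nsgName         = "nsg-iis-vm"      # placeholder
$oldRuleName     = "Allow-HTTPS"     # placeholder: the existing allow-any 443 rule
$connectorSubnet = "10.10.5.0/24"    # placeholder: subnet hosting the App Proxy connectors

$nsg = Get-AzNetworkSecurityGroup -Name $nsgName -ResourceGroupName $rgName

if ($nsg.SecurityRules | Where-Object Name -eq $oldRuleName) {
    $nsg = Remove-AzNetworkSecurityRuleConfig -Name $oldRuleName -NetworkSecurityGroup $nsg
}

$nsg = Add-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg `
    -Name "Allow-HTTPS-From-AppProxy-Connectors" `
    -Description "Only App Proxy connector hosts may reach IIS on 443" `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
    -SourceAddressPrefix $connectorSubnet -SourcePortRange * `
    -DestinationAddressPrefix * -DestinationPortRange 443

$nsg = Add-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg `
    -Name "Deny-HTTPS-Other" `
    -Description "Deny all other inbound 443, including other VNet hosts" `
    -Access Deny -Protocol Tcp -Direction Inbound -Priority 110 `
    -SourceAddressPrefix * -SourcePortRange * `
    -DestinationAddressPrefix * -DestinationPortRange 443

$nsg | Set-AzNetworkSecurityGroup | Out-Null
"NSG $nsgName now allows TCP/443 only from $connectorSubnet"
```

Two things to check before relying on this: the App Proxy application's Pre Authentication setting must be "Azure Active Directory", not "Passthrough", or the policy never evaluates; and the connector hosts need only outbound connectivity to the App Proxy service, so nothing inbound from the internet has to be opened on them or on the VM. Users then reach the site only through the App Proxy external URL, and the VM itself is best left without a public IP address.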
