Conditional Access Policies

Advanced Protection

Scalable

Customisable

Regulation Requirements

Enhance your Microsoft account’s security by implementing a Conditional Access Policy for regulating and safeguarding against unauthorised logins.

Conditional Access Policies provide a valuable security layer to your Microsoft account by controlling access when certain criteria are met. The system will evaluate factors such as login location, device type, multifactor authentication status, the application in use, and risk detection. Based on the result of this evaluation, access to emails, SharePoint, OneDrive, and other sensitive data will be granted or denied.

Implementing these policies significantly improves your business’s security by preventing unauthorised access even when credentials are compromised, or when a token is stolen and multifactor authentication is bypassed. The policies are flexible, allowing you to tailor them to your business’s specific needs for compliance with security and regulatory requirements. Conditional Access Policy examples include:

  • Blocking sign-ins deemed to be high-risk
  • Granting or blocking access from certain locations
  • Requiring multifactor authentication approval for certain tasks
  • Allowing access only from specified devices
  • Blocking access using outdated security protocols
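
As an added illustration (not code from this page or its provider), two of the policy types above can be expressed as Microsoft Graph Conditional Access policy bodies with the Microsoft Graph PowerShell SDK. "Outdated security protocols" is interpreted here as legacy authentication clients; the display names and the excluded emergency-access group ID are placeholders.

```powershell
# Added example: policy bodies for "block legacy authentication" and
# "block high-risk sign-ins". Names and the group ID are placeholders (assumptions).

$BreakGlassGroupId = '00000000-0000-0000-0000-000000000000'  # placeholder: emergency-access group
$Apply = $false   # set to $true to create the policies in the tenant

# Report-only: outcomes appear in the sign-in logs but are not enforced, so the
# impact can be reviewed before the state is changed to 'enabled'.
$State = 'enabledForReportingButNotEnforced'

$users = @{
    includeUsers  = @('All')
    excludeGroups = @($BreakGlassGroupId)   # keeps an emergency route if a policy misfires
}

$policies = @(
    @{
        displayName   = 'EXAMPLE - Block legacy authentication'
        state         = $State
        conditions    = @{
            users          = $users
            applications   = @{ includeApplications = @('All') }
            # Exchange ActiveSync plus "other" clients (POP, IMAP, SMTP AUTH, ...)
            clientAppTypes = @('exchangeActiveSync', 'other')
        }
        grantControls = @{ operator = 'OR'; builtInControls = @('block') }
    },
    @{
        displayName   = 'EXAMPLE - Block high-risk sign-ins'
        state         = $State
        conditions    = @{
            users            = $users
            applications     = @{ includeApplications = @('All') }
            clientAppTypes   = @('all')
            signInRiskLevels = @('high')
        }
        grantControls = @{ operator = 'OR'; builtInControls = @('block') }
    }
)

foreach ($policy in $policies) {
    # Always show the JSON that would be sent to Graph.
    $policy | ConvertTo-Json -Depth 6

    if ($Apply) {
        # Needs the Microsoft.Graph.Identity.SignIns module and a prior
        # Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess'
        New-MgIdentityConditionalAccessPolicy -BodyParameter $policy | Out-Null
    }
}
```

With `$Apply` left at `$false` the script only prints the policy JSON for review. The sign-in risk condition depends on Microsoft Entra ID P2 licensing.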

Conditional Access Policies play a vital role in protecting against sophisticated cyber threats, including email account takeovers (ATO), by providing real-time protection that is enforced instantly at each login attempt. They form a crucial part of a comprehensive security strategy, working alongside other measures like Advanced Email Security to help keep your business safe.

Our team will ensure you have the Microsoft licensing to take full advantage of Conditional Access Policies, tailoring them to your specific business needs and security requirements. Contact us to protect your Microsoft accounts.

FAQs

A Conditional Access Policy is a security measure that controls access to your Microsoft account when certain criteria are met. The system will evaluate factors such as login location, device type, and risk detection to determine whether access to the email account, SharePoint folders, or other data should be granted. For example, the login must be from a certain location, or from a specific device to gain access.

Tokens are used to authenticate your identity and what you have access to, most commonly so that you do not need to type in your email password every time you open Outlook or your File Explorer. Token theft occurs when an attacker obtains a digital credential that verifies your identity to your work account. This can occur through many methods, including Man-in-the-Middle (MITM) attacks, in which the communication between the user and the server is intercepted to capture the token. It is important that your business is protected from these types of attacks through Conditional Access Policies.

Conditional Access Policies can be tailored to each business’s specific needs for compliance with security and regulatory requirements. Conditional Access Policy examples include:

  • Blocking sign-ins deemed to be high-risk
  • Granting or blocking access from certain locations
  • Requiring multifactor authentication approval for certain tasks
  • Allowing access only from specified devices
  • Blocking access using outdated security protocols

MFA requires users to present two or more verification factors when logging into a device, application, website, or network. The factors fall into three main categories:

  • Knowledge factors: Something the user knows, like a password or PIN code
  • Possession factors: Something the user has, like an authenticator app on a mobile device
  • Inherence factors: Something the user is, like a fingerprint, facial or voice scan

By requiring two or more of these factors, MFA prevents unauthorised access even if the password is known. Whenever a login attempt occurs, the user will have to verify their identity via an additional factor like a fingerprint scan or one-time passcode. This added layer of security is an effective tool for blocking unauthorised access to accounts.

Conditional Access Policies control access to emails, SharePoint, OneDrive and other sensitive data, granting it only when certain criteria are met. The system will evaluate factors such as login location, device type, multi-factor authentication status, the application in use, and risk detection to determine whether access should be granted or denied. This helps protect your business’s security by preventing unauthorised access even when credentials are compromised, or when a token is stolen and multifactor authentication is bypassed.

Account takeover is a serious cybersecurity threat where unauthorised users gain access to existing accounts, often through stolen or hacked login credentials. Unlike identity theft, which involves creating new accounts, account takeover exploits existing relationships between users and service providers. This is usually in the form of phishing emails sent to contacts to trick them into providing personal or business information, leveraging the trust associated with the known sender to spread malware or scams further.

The consequences of an account takeover can be severe:

  • Financial losses from unauthorised transactions or drained accounts
  • Theft of sensitive personal information
  • Reputational damage if the account is used to spread malicious content
  • Emotional distress for the victims

Recovering from an account takeover is often a long and complex process. Victims must secure their compromised accounts, monitor their credit reports, and guard against potential identity theft. For businesses, account takeovers can lead to data breaches, financial losses, and erosion of customer trust.

It is vital that businesses have cyber security measures in place such as Advanced Email Protection, multi-factor authentication, Conditional Access Policies, and user awareness training to reduce the risk of Email Account Takeover.
