Sign-in risk-based Conditional Access (Requires Azure AD Premium P2)
대부분의 사용자는 추적 가능한 일반 동작을 갖고 있으며, 정상 범위를 벗어나면 사용자가 로그인하도록 허용하는 것이 위험할 수 있습니다. 해당 사용자를 차단 하거나 multi-factor authentication을 수행 하도록 요청 하는 것이 사실 사용자의 신원을 증명할 수 있습니다.
로그인 위험은 지정 된 인증 요청이 id 소유자에 의해 권한이 부여 되지 않은 확률을 나타냅니다. Azure AD Premium P2 라이선스가 있는 조직은 로그인 위험 검색 Azure AD ID 보호통합 하는 조건부 액세스 정책을 만들 수 있습니다.
이 정책이 할당 될 수 있는 두 가지 위치가 있습니다.
- Enable through Identity Protection
- Enable with Conditional Access policy
Policy Settings (Enable with Conditional Access policy)
- Policy Name: Sign-in risk-based Conditional Access with Conditional Access
- State:
Assignments
- Users and Groups
- Include
- None
- All users
- Select users and groups
- All guest and external users
- Directory roles
- Users and groups
- Exclude: Global Administrators Role user
- All guest and external users
- Directory roles: Global administrator
- Users and groups
- Include
- Cloud apps or actions
- Cloud apps
- Include
- None
- All cloud apps
- Select apps
- Exclude:
- Select excluded cloud apps
- Include
- User actions
- Register security information
- Register or join devices
- Cloud apps
- Conditions
- User risk: Not configured
- Sign-in risk: Not configured
- Device platforms: Not configured
- Locations: Not configured
- Client apps
- Modern authentication clients
- Browser
- Mobile apps and desktop clients
- Legacy authentication clients
- Exchange ActiveSync clients
- Other clients
- Modern authentication clients
- Device state (Preview): Not configured
- Include
- All device state
- Exclude
- Device Hybrid Azure AD joined
- Device marked as compliant
- Include
Access controls
- Grant
- Black access
- Grant access
- Require multi-factor authentication
- Require device to be marked as compliant
- Require Hybrid Azure AD joined device
- Require approved client app
- Require app protection policy
- Require password change
For Multi controls
- Require all the selected controls
- Require one of the selected controls
- Session: 0 Controls selected
- Use app enforced restrictions
- Use Conditional Access App Control
- Sign-in frequency
- Persistent browser session
Policy Settings (Enable through Identity Protection)
- Policy Name: Sign-in risk-based Conditional Access through Identity Protection
- State:
Assignments
- Users and Groups
- Include
- None
- All users
- Select users and groups
- All guest and external users
- Directory roles
- Users and groups
- Exclude: Global Administrators Role user
- All guest and external users
- Directory roles: Global administrator
- Users and groups
- Include
- Cloud apps or actions
- Cloud apps
- Include
- None
- All cloud apps
- Select apps
- Exclude:
- Select excluded cloud apps
- Include
- User actions
- Register security information
- Register or join devices
- Cloud apps
- Conditions
- User risk: Not configured
- Sign-in risk: Not configured
- Device platforms: Not configured
- Locations: Not configured
- Client apps
- Modern authentication clients
- Browser
- Mobile apps and desktop clients
- Legacy authentication clients
- Exchange ActiveSync clients
- Other clients
- Modern authentication clients
- Device state (Preview): Not configured
- Include
- All device state
- Exclude
- Device Hybrid Azure AD joined
- Device marked as compliant
- Include
Access controls
- Grant
- Black access
- Grant access
- Require multi-factor authentication
- Require device to be marked as compliant
- Require Hybrid Azure AD joined device
- Require approved client app
- Require app protection policy
- Require password change
For Multi controls
- Require all the selected controls
- Require one of the selected controls
- Session: 0 Controls selected
- Use app enforced restrictions
- Use Conditional Access App Control
- Sign-in frequency
- Persistent browser session