Modern Workplace Blog
December 15, 2022

December 2022 update of the conditional access demystified whitepaper and workflow cheat sheet.

I’m proud to announce the December 2022 update of my Conditional Access demystified whitepaper. With this release, we have reached the fifth iteration of the whitepaper and accompanying files.

I released the first version in August 2019 after writing several blogposts on the subject. In May last year I released the second version containing a lot of updates. In February this year I released another update, and in October 2021 I released update 4. Today I’m releasing a new update, the December 2022 version 1.4 update.

The paper has had some updates, including all information from the blogposts I’ve written about the subject since the latest release. The paper has therefore grown from 95 to 140 pages at this point in time; for reference, the May 2020 version contained only 30 pages.

You can download the paper from my GitHub page here: Conditional Access demystified-v1.4 – December 2022.pdf

In this version I added the following updates:

Workflow cheat sheet

The workflow cheat sheet has been updated to reflect the current status of the Conditional Access policies. With the workflow I want to provide IT pros with a handy cheat sheet which they can use while building or troubleshooting conditional access policies. If you print the cheat sheet or display it on a secondary monitor it can be quite handy; I use it all the time.

CA Workflow cheat sheet

The workflow cheat sheet is available separately for download from my GitHub page here: Conditional Access Workflow – v1.4.pdf

My recommended set of Conditional Access policies

I’ve included my recommended set of conditional access policies. The reasoning behind the policies is described, and I detail each policy which needs to be created. A reference to a spreadsheet is also included, containing all the necessary settings for each Conditional Access policy: Conditional Access Policy Description-v1.4.xlsx

New in this version is that I also exported the CA policies from my environment using the Intune Manager tool written by Mikael Karlsson. With this tool you should also be able to import the baseline policies into your own environment. Please make sure that you import the policies as “Report-Only” first, rather than importing them turned on.

You can find the baseline policies provided in this version here: https://github.com/kennethvs/cabaseline202212
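As an added example (this is not code from the whitepaper, the baseline repository, or the Intune Manager tool): a small Python pre-import check that forces every exported policy into Report-only state before it is sent to a tenant, strips the server-assigned properties, and flags the two things that most often cause a lockout when a baseline is imported blindly: policies scoped to all cloud apps with no exclusions, and policies without an excluded (break-glass) user or group. It assumes the export is a JSON array of Microsoft Graph conditionalAccessPolicy objects (the schema behind /identity/conditionalAccess/policies); the two sample policies and the group id placeholder are constructed for illustration.

```python
"""Pre-import check for exported Conditional Access policies (constructed example).

Assumes the export is a JSON array of Microsoft Graph conditionalAccessPolicy
objects. The sample policies below are constructed, not the real baseline.
"""
import json

# Graph state value that corresponds to "Report-only" in the portal.
REPORT_ONLY = "enabledForReportingButNotEnforced"
# Properties the service assigns on creation; strip them from a POST body.
READ_ONLY = ("id", "createdDateTime", "modifiedDateTime")

# Constructed sample export: one well-scoped policy, one broad one.
SAMPLE_EXPORT = json.dumps([
    {
        "id": "00000000-0000-0000-0000-000000000001",
        "displayName": "Sample policy A - require MFA for Office 365",
        "state": "enabled",
        "createdDateTime": "2022-12-01T00:00:00Z",
        "modifiedDateTime": None,
        "conditions": {
            "applications": {"includeApplications": ["Office365"],
                             "excludeApplications": []},
            "users": {"includeUsers": ["All"], "excludeUsers": [],
                      "excludeGroups": ["<break-glass-group-id placeholder>"]},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    },
    {
        "id": "00000000-0000-0000-0000-000000000002",
        "displayName": "Sample policy B - block legacy authentication",
        "state": "enabled",
        "conditions": {
            "applications": {"includeApplications": ["All"],
                             "excludeApplications": []},
            "users": {"includeUsers": ["All"], "excludeUsers": []},
            "clientAppTypes": ["exchangeActiveSync", "other"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    },
])


def prepare_for_import(export_json: str) -> list:
    """Return policy bodies ready to create: read-only fields removed and the
    state forced to Report-only regardless of what the export said."""
    prepared = []
    for policy in json.loads(export_json):
        body = {k: v for k, v in policy.items() if k not in READ_ONLY}
        body["state"] = REPORT_ONLY
        prepared.append(body)
    return prepared


def targets_all_apps(policy: dict) -> bool:
    """True when the policy includes every cloud app and excludes none."""
    apps = policy.get("conditions", {}).get("applications", {})
    return apps.get("includeApplications") == ["All"] and not apps.get("excludeApplications")


def lacks_user_exclusion(policy: dict) -> bool:
    """True when no user or group (e.g. a break-glass account) is excluded."""
    users = policy.get("conditions", {}).get("users", {})
    return not users.get("excludeUsers") and not users.get("excludeGroups")


def import_report(export_json: str) -> dict:
    """Summarise what would be imported and which policies deserve a second look."""
    prepared = prepare_for_import(export_json)
    return {
        "count": len(prepared),
        "all_report_only": all(p["state"] == REPORT_ONLY for p in prepared),
        "all_apps_policies": [p["displayName"] for p in prepared if targets_all_apps(p)],
        "missing_user_exclusions": [p["displayName"] for p in prepared if lacks_user_exclusion(p)],
    }


if __name__ == "__main__":
    print(json.dumps(import_report(SAMPLE_EXPORT), indent=2))
```

The bodies returned by prepare_for_import are what you would hand to the creation call (for example New-MgIdentityConditionalAccessPolicy -BodyParameter in the Microsoft Graph PowerShell SDK); the report is meant to be read before that call, so that a policy which targets all apps or excludes nobody is reviewed while it can still only log sign-ins instead of blocking them.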

Further updates

I also added other information like:

  • Filtering for Apps and Workload Identities
  • Granular Guest control
  • Authentication Strength
  • Cross tenant settings
  • More information about CA Templates
  • Updated Approved Apps versus Require App Protection policy information
  • Updated information about break glass accounts
  • And more…

I hope you enjoy and learn something from reading the paper and that it helps you to set up Conditional Access for the tenant(s) you are administering. Feel free to reach out if you have any questions or remarks.


2 thoughts on “December 2022 update of the conditional access demystified whitepaper and workflow cheat sheet.”

  1. Roel Heymans says:
    February 5, 2023 at 9:19 am

    Thanks Alain for the great update Kenneth.
    Would it make sense to scope CAD002 to all cloud apps? Doing so unfortunately blocks edge profiles from signing in.
    Is there a way to scope CAD002 to everything except for edge profile sign-in?
    Or should we add all relevant apps to the CAD002 rule on top of O365?

    1. Kenneth says:
      February 5, 2023 at 10:42 am

      Hi Roel,

      Thanks for visiting my blog –

      CAD013 is what you are looking for. I would never scope this to ALL apps since it will certainly break things: it will break the apps which you cannot select in the Conditional Access properties, and you will have a really hard time figuring out which. But you can add apps on a per-app basis and add an additional layer above Office 365.

      Hope this helps, if not please let me know.

      /Kenneth
