“Conditional Access” is a feature included in Azure Active Directory and aims to determine the right of access based on predefined conditions.

Some conditions are illustrated below:

• Membership of users or groups: In order to reduce the risk of loss of sensitive data, it is possible to define the users or groups of users who can access certain applications and / or resources.
• Location.  position can be considered risky for example:
  • if you are in a country with limited security policies;
  • in the event that the wireless network is not secure;
  • because it is not a place where the organization generally develops its business
• You can also change the access requirements for logins from locations that are not in an IP Safe List (About IP Addresses) or that are risky for other reasons. Users who access a service when they are outside the corporate network should be required to use a Multi-Factor Authentication mechanism
• Device: To enforce conditional access policies, you can consider users with devices on specific platforms or marked with a specific status.
• Application: Users are able to access many “cloud” applications using different types of applications (web-based, mobile app or desktop app). In this context, it is possible to apply security policies, for example, to deny access if a user uses a certain application.