- Microsoft has unveiled new automatic Conditional Access policies aimed at safeguarding organizations from cyberattacks.
- These policies cover a range of security measures, from requiring multifactor authentication for admin portals to enhanced protection for high-risk sign-ins.
- Microsoft plans to combine machine learning-based policy insights and recommendations with automated policy rollout to boost security.
Microsoft has announced plans to introduce new Conditional Access policies that will automatically protect customers against potential cyberattacks. Starting next week, the company will begin rolling out the new policies to all eligible commercial customers.
“We’ve designed these policies based on our deep knowledge of the current cyberthreat landscape to help our customers strengthen their security baseline, and we’ll adapt them over time to keep the security bar high. These policies are part of a broader initiative to strengthen security, which includes key engineering advances,” said Alex Weinert, Vice President, Identity Security.
Microsoft plans to roll out the following three policies to all eligible tenants:
Once rolled out, IT admins will be able to find the policies by signing into the Microsoft Entra admin center, and navigating to Protection > Conditional Access > Policies. The new policy view user experience provides detailed information, including a summary, recommended actions, alerts, and policy impact. It’s also possible to leverage sign-in and audit logs to track these policies.
Additionally, IT admins can exclude specific users, roles, and groups from these policies, allowing for exceptions such as emergency and break glass accounts. Microsoft says administrators also have the option to duplicate a policy and customize it to their specific needs, just like any other Conditional Access policy.
Microsoft notes that IT Pros will have a 90-day window to review or disable these policies before they become enabled by default. The policies will be in a report-only mode, which will allow Conditional Access to log policy results without enforcing them.
Microsoft plans to gradually enhance these Conditional Access policies to protect organizations against cyber threats. “Our eventual goal is to combine machine learning-based policy insights and recommendations with automated policy rollout to strengthen your security posture on your behalf with the right controls,” Weinert added.