Merge pull request #319 from MicrosoftDocs/ca

update casing for conditional access
jcaparas 2019-05-29 16:26:35 -07:00 committed by GitHub
commit a8cbea7ced
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 32 additions and 32 deletions

@ -98,7 +98,7 @@
#### [Managed security service provider support](mssp-support.md) #### [Managed security service provider support](mssp-support.md)
### [Microsoft Threat Protection](threat-protection-integration.md) ### [Microsoft Threat Protection](threat-protection-integration.md)
#### [Protect users, data, and devices with conditional access](conditional-access.md) #### [Protect users, data, and devices with Conditional Access](conditional-access.md)
#### [Microsoft Cloud App Security in Windows overview](microsoft-cloud-app-security-integration.md) #### [Microsoft Cloud App Security in Windows overview](microsoft-cloud-app-security-integration.md)
#### [Information protection in Windows overview](information-protection-in-windows-overview.md) #### [Information protection in Windows overview](information-protection-in-windows-overview.md)
@ -360,7 +360,7 @@
#### [Configure managed security service provider (MSSP) support](configure-mssp-support.md) #### [Configure managed security service provider (MSSP) support](configure-mssp-support.md)
### Configure Microsoft Threat Protection integration ### Configure Microsoft Threat Protection integration
#### [Configure conditional access](configure-conditional-access.md) #### [Configure Conditional Access](configure-conditional-access.md)
#### [Configure Microsoft Cloud App Security in Windows](microsoft-cloud-app-security-config.md) #### [Configure Microsoft Cloud App Security in Windows](microsoft-cloud-app-security-config.md)
####[Configure information protection in Windows](information-protection-in-windows-config.md) ####[Configure information protection in Windows](information-protection-in-windows-config.md)
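Review bot: The last context line of this hunk, `####[Configure information protection in Windows](information-protection-in-windows-config.md)`, has no space between `####` and the link, unlike every other TOC entry shown here. Suggest adding the space in the same pass so the entry is parsed as a level-4 heading like its siblings.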

@ -1,6 +1,6 @@
--- ---
title: Enable conditional access to better protect users, devices, and data title: Enable Conditional Access to better protect users, devices, and data
description: Enable conditional access to prevent applications from running if a device is considered at risk and an application is determined to be non-compliant. description: Enable Conditional Access to prevent applications from running if a device is considered at risk and an application is determined to be non-compliant.
keywords: conditional access, block applications, security level, intune, keywords: conditional access, block applications, security level, intune,
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
search.appverid: met150 search.appverid: met150
@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
--- ---
# Enable conditional access to better protect users, devices, and data # Enable Conditional Access to better protect users, devices, and data
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
@ -26,26 +26,26 @@ ms.topic: article
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-conditionalaccess-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-conditionalaccess-abovefoldlink)
Conditional access is a capability that helps you better protect your users and enterprise information by making sure that only secure devices have access to applications. Conditional Access is a capability that helps you better protect your users and enterprise information by making sure that only secure devices have access to applications.
With conditional access, you can control access to enterprise information based on the risk level of a device. This helps keep trusted users on trusted devices using trusted applications. With Conditional Access, you can control access to enterprise information based on the risk level of a device. This helps keep trusted users on trusted devices using trusted applications.
You can define security conditions under which devices and applications can run and access information from your network by enforcing policies to stop applications from running until a device returns to a compliant state. You can define security conditions under which devices and applications can run and access information from your network by enforcing policies to stop applications from running until a device returns to a compliant state.
The implementation of conditional access in Microsoft Defender ATP is based on Microsoft Intune (Intune) device compliance policies and Azure Active Directory (Azure AD) conditional access policies. The implementation of Conditional Access in Microsoft Defender ATP is based on Microsoft Intune (Intune) device compliance policies and Azure Active Directory (Azure AD) conditional access policies.
The compliance policy is used with conditional access to allow only devices that fulfill one or more device compliance policy rules to access applications. The compliance policy is used with Conditional Access to allow only devices that fulfill one or more device compliance policy rules to access applications.
## Understand the conditional access flow ## Understand the Conditional Access flow
Conditional access is put in place so that when a threat is seen on a device, access to sensitive content is blocked until the threat is remediated. Conditional Access is put in place so that when a threat is seen on a device, access to sensitive content is blocked until the threat is remediated.
The flow begins with machines being seen to have a low, medium, or high risk. These risk determinations are then sent to Intune. The flow begins with machines being seen to have a low, medium, or high risk. These risk determinations are then sent to Intune.
Depending on how you configure policies in Intune, conditional access can be set up so that when certain conditions are met, the policy is applied. Depending on how you configure policies in Intune, Conditional Access can be set up so that when certain conditions are met, the policy is applied.
For example, you can configure Intune to apply conditional access on devices that have a high risk. For example, you can configure Intune to apply Conditional Access on devices that have a high risk.
In Intune, a device compliance policy is used in conjunction with Azure AD conditional access to block access to applications. In parallel, an automated investigation and remediation process is launched. In Intune, a device compliance policy is used in conjunction with Azure AD Conditional Access to block access to applications. In parallel, an automated investigation and remediation process is launched.
A user can still use the device while the automated investigation and remediation is taking place, but access to enterprise data is blocked until the threat is fully remediated. A user can still use the device while the automated investigation and remediation is taking place, but access to enterprise data is blocked until the threat is fully remediated.
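Review bot: The casing update is incomplete in the paragraph that begins "The implementation of Conditional Access in Microsoft Defender ATP": the new text still ends with "Azure Active Directory (Azure AD) conditional access policies" in lowercase, while a later line in this same hunk was changed to "Azure AD Conditional Access". Suggest capitalizing that occurrence as well so the feature name is cased the same way throughout the article.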
@ -54,23 +54,23 @@ To resolve the risk found on a device, you'll need to return the device to a com
There are three ways to address a risk: There are three ways to address a risk:
1. Use Manual or automated remediation. 1. Use Manual or automated remediation.
2. Resolve active alerts on the machine. This will remove the risk from the machine. 2. Resolve active alerts on the machine. This will remove the risk from the machine.
3. You can remove the machine from the active policies and consequently, conditional access will not be applied on the machine. 3. You can remove the machine from the active policies and consequently, Conditional Access will not be applied on the machine.
Manual remediation requires a secops admin to investigate an alert and address the risk seen on the device. The automated remediation is configured through configuration settings provided in the following section, [Configure conditional access](configure-conditional-access.md). Manual remediation requires a secops admin to investigate an alert and address the risk seen on the device. The automated remediation is configured through configuration settings provided in the following section, [Configure Conditional Access](configure-conditional-access.md).
When the risk is removed either through manual or automated remediation, the device returns to a compliant state and access to applications is granted. When the risk is removed either through manual or automated remediation, the device returns to a compliant state and access to applications is granted.
The following example sequence of events explains conditional access in action: The following example sequence of events explains Conditional Access in action:
1. A user opens a malicious file and Microsoft Defender ATP flags the device as high risk. 1. A user opens a malicious file and Microsoft Defender ATP flags the device as high risk.
2. The high risk assessment is passed along to Intune. In parallel, an automated investigation is initiated to remediate the identified threat. A manual remediation can also be done to remediate the identified threat. 2. The high risk assessment is passed along to Intune. In parallel, an automated investigation is initiated to remediate the identified threat. A manual remediation can also be done to remediate the identified threat.
3. Based on the policy created in Intune, the device is marked as not compliant. The assessment is then communicated to Azure AD by the Intune conditional access policy. In Azure AD, the corresponding policy is applied to block access to applications. 3. Based on the policy created in Intune, the device is marked as not compliant. The assessment is then communicated to Azure AD by the Intune Conditional Access policy. In Azure AD, the corresponding policy is applied to block access to applications.
4. The manual or automated investigation and remediation is completed and the threat is removed. Microsoft Defender ATP sees that there is no risk on the device and Intune assesses the device to be in a compliant state. Azure AD applies the policy which allows access to applications. 4. The manual or automated investigation and remediation is completed and the threat is removed. Microsoft Defender ATP sees that there is no risk on the device and Intune assesses the device to be in a compliant state. Azure AD applies the policy which allows access to applications.
5. Users can now access applications. 5. Users can now access applications.
## Related topic ## Related topic
- [Configure conditional access in Microsoft Defender ATP](configure-conditional-access.md) - [Configure Conditional Access in Microsoft Defender ATP](configure-conditional-access.md)
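Review bot: List item 1 in this hunk, "Use Manual or automated remediation.", keeps a capitalized "Manual" in mid-sentence, while the paragraph below it writes "manual or automated remediation" in lowercase. Since this commit is a casing pass, suggest changing it to "Use manual or automated remediation." here as well.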

@ -1,5 +1,5 @@
--- ---
title: Configure conditional access in Microsoft Defender ATP title: Configure Conditional Access in Microsoft Defender ATP
description: description:
keywords: keywords:
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
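Review bot: The front matter of this file has empty `description:` and `keywords:` values, visible in the context lines directly under the changed `title:`. Suggest filling both in while the title is being edited; the companion article changed earlier in this commit carries a description and a keyword list in the same fields.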
@ -18,11 +18,11 @@ ms.topic: article
ms.date: 09/03/2018 ms.date: 09/03/2018
--- ---
# Configure conditional access in Microsoft Defender ATP # Configure Conditional Access in Microsoft Defender ATP
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
This section guides you through all the steps you need to take to properly implement conditional access. This section guides you through all the steps you need to take to properly implement Conditional Access.
### Before you begin ### Before you begin
>[!WARNING] >[!WARNING]
@ -43,12 +43,12 @@ There are steps you'll need to take in Microsoft Defender Security Center, the I
> [!NOTE] > [!NOTE]
> You'll need a Microsoft Intune environment, with Intune managed and Azure AD joined Windows 10 devices. > You'll need a Microsoft Intune environment, with Intune managed and Azure AD joined Windows 10 devices.
Take the following steps to enable conditional access: Take the following steps to enable Conditional Access:
- Step 1: Turn on the Microsoft Intune connection from Microsoft Defender Security Center - Step 1: Turn on the Microsoft Intune connection from Microsoft Defender Security Center
- Step 2: Turn on the Microsoft Defender ATP integration in Intune - Step 2: Turn on the Microsoft Defender ATP integration in Intune
- Step 3: Create the compliance policy in Intune - Step 3: Create the compliance policy in Intune
- Step 4: Assign the policy - Step 4: Assign the policy
- Step 5: Create an Azure AD conditional access policy - Step 5: Create an Azure AD Conditional Access policy
### Step 1: Turn on the Microsoft Intune connection ### Step 1: Turn on the Microsoft Intune connection
@ -85,17 +85,17 @@ Take the following steps to enable conditional access:
4. Include or exclude your Azure AD groups to assign them the policy. 4. Include or exclude your Azure AD groups to assign them the policy.
5. To deploy the policy to the groups, select **Save**. The user devices targeted by the policy are evaluated for compliance. 5. To deploy the policy to the groups, select **Save**. The user devices targeted by the policy are evaluated for compliance.
### Step 5: Create an Azure AD conditional access policy ### Step 5: Create an Azure AD Conditional Access policy
1. In the [Azure portal](https://portal.azure.com), open **Azure Active Directory** > **Conditional access** > **New policy**. 1. In the [Azure portal](https://portal.azure.com), open **Azure Active Directory** > **Conditional Access** > **New policy**.
2. Enter a policy **Name**, and select **Users and groups**. Use the Include or Exclude options to add your groups for the policy, and select **Done**. 2. Enter a policy **Name**, and select **Users and groups**. Use the Include or Exclude options to add your groups for the policy, and select **Done**.
3. Select **Cloud apps**, and choose which apps to protect. For example, choose **Select apps**, and select **Office 365 SharePoint Online** and **Office 365 Exchange Online**. Select **Done** to save your changes. 3. Select **Cloud apps**, and choose which apps to protect. For example, choose **Select apps**, and select **Office 365 SharePoint Online** and **Office 365 Exchange Online**. Select **Done** to save your changes.
4. Select **Conditions** > **Client apps** to apply the policy to apps and browsers. For example, select **Yes**, and then enable **Browser** and **Mobile apps and desktop clients**. Select **Done** to save your changes. 4. Select **Conditions** > **Client apps** to apply the policy to apps and browsers. For example, select **Yes**, and then enable **Browser** and **Mobile apps and desktop clients**. Select **Done** to save your changes.
5. Select **Grant** to apply conditional access based on device compliance. For example, select **Grant access** > **Require device to be marked as compliant**. Choose **Select** to save your changes. 5. Select **Grant** to apply Conditional Access based on device compliance. For example, select **Grant access** > **Require device to be marked as compliant**. Choose **Select** to save your changes.
6. Select **Enable policy**, and then **Create** to save your changes. 6. Select **Enable policy**, and then **Create** to save your changes.
For more information, see [Enable Microsoft Defender ATP with conditional access in Intune](https://docs.microsoft.com/intune/advanced-threat-protection). For more information, see [Enable Microsoft Defender ATP with Conditional Access in Intune](https://docs.microsoft.com/intune/advanced-threat-protection).
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-conditionalaccess-belowfoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-conditionalaccess-belowfoldlink)
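Review bot: Step 1 of "Step 5" changes the bolded navigation label from **Conditional access** to **Conditional Access**. Bold text in these steps marks literal UI strings, so this one should be checked against the label the Azure portal actually shows rather than recased along with the prose; if the blade still reads "Conditional access", leave the bold label as it was and capitalize only the running text.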

@ -40,8 +40,8 @@ Microsoft Defender ATP provides a comprehensive server protection solution, incl
## Azure Information Protection ## Azure Information Protection
Keep sensitive data secure while enabling productivity in the workplace through data data discovery and data protection. Keep sensitive data secure while enabling productivity in the workplace through data data discovery and data protection.
## Conditional access ## Conditional Access
Microsoft Defender ATP's dynamic machine risk score is integrated into the conditional access evaluation, ensuring that only secure devices have access to resources. Microsoft Defender ATP's dynamic machine risk score is integrated into the Conditional Access evaluation, ensuring that only secure devices have access to resources.
## Microsoft Cloud App Security ## Microsoft Cloud App Security
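Review bot: The context line under "## Azure Information Protection" reads "through data data discovery and data protection", with "data" duplicated. It is untouched by this change but sits two lines above the edited heading, so suggest fixing it to "through data discovery and data protection" in the same commit.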
@ -56,7 +56,7 @@ The Skype for Business integration provides s a way for analysts to communicate
## Related topic ## Related topic
- [Protect users, data, and devices with conditional access](conditional-access.md) - [Protect users, data, and devices with Conditional Access](conditional-access.md)
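Review bot: The section context shown in this hunk's header reads "The Skype for Business integration provides s a way for analysts to communicate", with a stray "s" after "provides". The line is outside the edited range, but it is in the same file and worth correcting alongside the casing change.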

@ -100,7 +100,7 @@ Query data using Advanced hunting in Microsoft Defender ATP.
>[!NOTE] >[!NOTE]
>Available from Windows 10, version 1803 or later. >Available from Windows 10, version 1803 or later.
- [Conditional access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection) <br> Enable conditional access to better protect users, devices, and data. - [Conditional Access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection) <br> Enable conditional access to better protect users, devices, and data.
- [Microsoft Defender ATP Community center](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection)<BR> - [Microsoft Defender ATP Community center](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection)<BR>
The Microsoft Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product. The Microsoft Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product.
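Review bot: In the changed list item, only the link text was recased; the description after `<br>` still reads "Enable conditional access to better protect users, devices, and data." in lowercase, which no longer matches the article title set elsewhere in this commit. Suggest "Enable Conditional Access to better protect users, devices, and data." Separately, this item uses `<br>` while the next one uses `<BR>`; picking one form would keep the list consistent.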