As of June 2019, Microsoft added a key security feature to the Microsoft 365 Business offering: Conditional Access. Prior to June, you had to add a subscription to Azure AD Premium Plan 1 to gain the features of Conditional Access. Here’s an explanation of what it is and why you should enable it.
What is Conditional Access?
The Microsoft 365 Business Conditional Access feature allows you to implement automated, conditional access controls for accessing your cloud apps. Cloud services and the ability to access them from anywhere are wonderful until you realize that access from anywhere means attackers can access those same applications. A typical office worker doesn’t really need access from anywhere. They only need access from where they work. Conditional Access lets you set up policies to restrict access.
How to set up Conditional Access
You can set up these policies either from the old Microsoft 365 Device Management location or from the new preview portal location under the Azure Active Directory link. To set up a policy, click on “Conditional Access”, then “New”, and then on “New policy”. You will see your options to set policies.
At a minimum, you’ll want to set policies for SharePoint and for Exchange Online, as those are the two major places where your data resides. You may also wish to purchase Azure licenses to cover additional protection for administrator accounts: you can add separate Azure AD Premium Plan 2 licenses for administrator accounts for additional protection of these high-risk accounts. Sign-in risk, for example, needs the P2 license to be enforced.
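To check the minimum coverage described above, here is an added example (not from the article or from Microsoft) that audits a set of policies for enforced SharePoint and Exchange Online coverage and for sign-in risk conditions that need P2. It assumes the policies are exported in the Microsoft Graph `conditionalAccessPolicy` JSON shape; the function names and the sample policies are constructed for illustration.

```python
# Well-known application IDs for the two services the article names.
REQUIRED_APPS = {
    "Exchange Online": "00000002-0000-0ff1-ce00-000000000000",
    "SharePoint Online": "00000003-0000-0ff1-ce00-000000000000",
}

def covered_apps(policy):
    """Names of required apps this policy actually enforces controls on."""
    if policy.get("state") != "enabled":  # disabled and report-only enforce nothing
        return set()
    apps = policy.get("conditions", {}).get("applications", {})
    included = set(apps.get("includeApplications") or [])
    excluded = set(apps.get("excludeApplications") or [])
    return {name for name, app_id in REQUIRED_APPS.items()
            if app_id not in excluded and included & {app_id, "All", "Office365"}}

def audit(policies, has_p2=False):
    """Return a list of findings for a tenant's exported policies."""
    findings = []
    covered = set().union(*(covered_apps(p) for p in policies))
    for name in REQUIRED_APPS:
        if name not in covered:
            findings.append(f"no enforced policy covers {name}")
    for p in policies:
        title = p.get("displayName", "<unnamed>")
        if p.get("state") == "enabledForReportingButNotEnforced":
            findings.append(f"'{title}' is report-only")
        if p.get("conditions", {}).get("signInRiskLevels") and not has_p2:
            findings.append(f"'{title}' uses sign-in risk, which needs Azure AD Premium P2")
    return findings

# Constructed sample export (assumed shape, not from a real tenant).
SAMPLE = [
    {"displayName": "Block Exchange outside office", "state": "enabled",
     "conditions": {
         "applications": {"includeApplications": [REQUIRED_APPS["Exchange Online"]]},
         "locations": {"includeLocations": ["All"], "excludeLocations": ["AllTrusted"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
    {"displayName": "Block SharePoint outside office",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {
         "applications": {"includeApplications": [REQUIRED_APPS["SharePoint Online"]]}}},
    {"displayName": "Admin sign-in risk", "state": "enabled",
     "conditions": {
         "applications": {"includeApplications": [REQUIRED_APPS["Exchange Online"]]},
         "signInRiskLevels": ["high"]}},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the sample, the SharePoint policy is flagged because it exists but is not enforced, which is the gap a quick look at the policy list in the portal tends to miss.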