How it works...
In on-premises networks, access is typically governed by group memberships; when you authenticate on a domain-joined system, the groups an account is a member of dictate the level of access. Dynamic Access Control and Authentication Policies, introduced in Windows Server 2012, showed the possibilities of attribute-based access control with claims in Kerberos.
For cloud applications, services, and systems, a more granular form of access control is needed. Microsoft introduced the controls organizations need with Conditional Access. Access can be allowed or denied, per Azure AD account and/or group, and per Azure AD-integrated applications, including on-premises claims-based applications and applications that are published through ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access