Office 365 Portal, and more now controllable by Azure AD Conditional Access

One feature that was requested for a really long time by many of my customers was the ability to control access to portal.office.com. Until now this was a big miss since users could open this portal regardless of your conditional access policies created for your other Office 365 services. Off course the services accessible via the Office Portal are controlled by your Conditional Access policies but there is allot of information to gain from the portal itself.

A new Office 365 (preview) client app is created that can be used to control access to multiple Office 365 cloud apps by using this one client app, so you can target multiple apps at once. Another major benefit is that when Microsoft adds another app to the Office 365 suite, it is automatically controlled by Conditional Access which is unfortunately currently not the case.

If you look in your tenant(s) you will find the Office 365 (preview) client app (all of my tenants has this client app available)

Currently the following Office 365 applications are included in the Office 365 (preview) client;

  • Microsoft Exchange Online Protection
  • Microsoft Flow
  • Microsoft Forms
  • Microsoft Office 365 Portal (including admin.microsoft.com)
  • Microsoft Teams
  • Microsoft Teams Services
  • Microsoft To-Do WebApp
  • Office 365 Exchange Online
  • Office 365 Search Service
  • Office 365 SharePoint Online
  • Office 365 Yammer
  • Office Delve
  • Office Hive
  • Office Online
  • OneDrive
  • OneNote
  • PowerApps
  • Skype for Business Online
  • Sway
  • Workplace Analytics

There are a lot of advantages to use the new client app;

  • Less Conditional Access rules needed to control access Office 365 services.
  • New Office 365 services are automatically controlled by Conditional Access.
  • Portal access controlled: A scenario to test this could be to only allow access to the Office 365 apps from compliant devices. We will see that access to the Office Portal, where a lot of meta data is show is not allowed anymore from a non-managed or non-complaint device.
  • But also adding an Office 365 account an Office 365 ProPlus installation on a non-managed device can be blocked.

When trying to access for instance the Office Portal you will see the following in the sign-in logs.

Access to portal.office.com is blocked

Make sure to test this in your environment to see if it has value for you.

A video of the feature will be added to my YouTube channel soon, make sure to subscribe to my EnterpriseMobility.tips Channel!

Comments

Total
0
Shares
1 comment
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Happy New Year!! & a retrospective of 2019

Next Post

Enterprise Mobility Tips Episode #008

Related Posts
Total
0
Share