Office 365 Portal and More Now Controllable by Azure AD Conditional Access

One feature that was requested for a really long time by many of my customers was the ability to control access to portal.office.com. Until now this was a big miss since users could open this portal regardless of your conditional access policies created for your other Office 365 services. Off course the services accessible via the Office Portal are controlled by your Conditional Access policies but there is allot of information to gain from the portal itself.

A new Office 365 (preview) client app is created that can be used to control access to multiple Office 365 cloud apps by using this one client app, so you can target multiple apps at once. Another major benefit is that when Microsoft adds another app to the Office 365 suite, it is automatically controlled by Conditional Access which is unfortunately currently not the case.

If you look in your tenant(s) you will find the Office 365 (preview) client app (all of my tenants has this client app available)

Currently the following Office 365 applications are included in the Office 365 (preview) client;

  • Microsoft Exchange Online Protection
  • Microsoft Flow
  • Microsoft Forms
  • Microsoft Office 365 Portal (including admin.microsoft.com)
  • Microsoft Teams
  • Microsoft Teams Services
  • Microsoft To-Do WebApp
  • Office 365 Exchange Online
  • Office 365 Search Service
  • Office 365 SharePoint Online
  • Office 365 Yammer
  • Office Delve
  • Office Hive
  • Office Online
  • OneDrive
  • OneNote
  • PowerApps
  • Skype for Business Online
  • Sway
  • Workplace Analytics

There are a lot of advantages to use the new client app;

  • Less Conditional Access rules needed to control access Office 365 services.
  • New Office 365 services are automatically controlled by Conditional Access.
  • Portal access controlled: A scenario to test this could be to only allow access to the Office 365 apps from compliant devices. We will see that access to the Office Portal, where a lot of meta data is show is not allowed anymore from a non-managed or non-complaint device.
  • But also adding an Office 365 account an Office 365 ProPlus installation on a non-managed device can be blocked.

When trying to access for instance the Office Portal you will see the following in the sign-in logs.

Access to portal.office.com is blocked

Make sure to test this in your environment to see if it has value for you.

About the Author:

I am a Principal Consultant and Trainer with a specialty on Enterprise Client Management and Enterprise Mobility working for Daalmans Consulting.

Since April 2012 I have been awarded as Microsoft MVP in System Center Configuration Manager, Enterprise Client Management (Microsoft Intune and System Center Configuration Manager) and since 2015 the award has been renamed to Enterprise Mobility, a big honor!. I am working with deployment tooling from competitors since 1997, and in 2005 the deployment tooling like BDD and SMS 2003 from Microsoft came in my life and were embraced since then. 🙂 In the years after that until now, numerous (international) SCCM, Intune, EMS and Exchange Server/Office 365 projects came on my path.

Reference:

Daalmans, P. (2020).Office 365 Portal and More Now Controllable by Azure AD Conditional Access. Available at: https://ems.world/2020/01/14/office-365-portal-and-more-now-controllable-by-azure-ad-condition-access/ [Accessed: 25th May 2020].

Check out more great Azure content here

Share this on...

Rate this Post:

Share:

Topics:

Azure