Conditional Access Provides Another Level of Security Protection For Educational Institutes


Conditional Access is an excellent additional layer of security that educational institutions should seriously consider implementing to further secure sensitive information.

I blogged recently about my security presentation at the Independent Schools of New Zealand Annual Conference, during which I did a live demonstration of Azure Information Protection. In this presentation, I specifically demonstrated how keywords can be defined and then automatically identified inside an Office 365 document, resulting in pre-defined levels of security being applied (e.g. watermarks such as "Confidential", blocking of printing / sharing of the document, and automatic headers/footers).

Today, I saw a recent blog post from Matt Soseman (I’ve shared previous posts of his) that focuses on securing content not only with Azure Information Protection (AIP) but also with Conditional Access, in particular restricting access to content to only managed devices.

Managed devices are defined as:

  • Joined to a Windows Server Active Directory Domain Services environment that is synchronized to Azure Active Directory. This is considered Azure AD Hybrid Join.
  • Joined to Azure Active Directory and managed by Microsoft Intune (MDM)
  • Managed by Microsoft Intune MDM (iOS/Android)
  • Not only managed, but also compliant with Microsoft Intune’s compliance policy.

This is a really important additional layer of protection in terms of stopping important information leaking outside of organisations, and most K-12 and H.Ed institutions would be managing their staff devices along the lines of one of the options above.

In an educational context, where BYOD devices are so prevalent, using Conditional Access to restrict content to only managed devices goes a long way towards preventing students from viewing unauthorised content, whether accidentally or nefariously.
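As an added example (not from the original post or from Matt Soseman's walkthrough), the script below audits an exported list of Conditional Access policies and reports which ones actually restrict access to managed devices as defined above. It assumes the Microsoft Graph `conditionalAccessPolicy` JSON shape, inspects only `state` and the built-in grant controls (not user scope, exclusions or device filters), and uses constructed sample policies.

```python
import json

# Graph grant controls matching the managed-device definitions above:
# domainJoinedDevice = hybrid Azure AD joined, compliantDevice = Intune compliant.
MANAGED = {"domainJoinedDevice", "compliantDevice"}

def enforces_managed_device(policy):
    """Return (ok, reason) for one conditionalAccessPolicy object."""
    state = policy.get("state")
    if state != "enabled":
        return False, f"not enforced (state={state})"
    grant = policy.get("grantControls") or {}
    controls = set(grant.get("builtInControls") or [])
    if not controls & MANAGED:
        return False, "no managed-device grant control"
    bypass = controls - MANAGED
    if grant.get("operator") == "OR" and bypass:
        # With OR, satisfying any single control is enough to get access.
        return False, "OR lets " + ",".join(sorted(bypass)) + " satisfy the policy alone"
    return True, "requires a managed device"

def audit(export_json):
    """Map policy displayName -> (ok, reason) for an exported policy list."""
    policies = json.loads(export_json)["value"]
    return {p["displayName"]: enforces_managed_device(p) for p in policies}

# Constructed sample in the shape of GET /identity/conditionalAccess/policies
SAMPLE = """{"value": [
 {"displayName": "Staff: managed devices only", "state": "enabled",
  "grantControls": {"operator": "OR",
    "builtInControls": ["compliantDevice", "domainJoinedDevice"]}},
 {"displayName": "MFA or compliant device", "state": "enabled",
  "grantControls": {"operator": "OR",
    "builtInControls": ["mfa", "compliantDevice"]}},
 {"displayName": "Managed device pilot",
  "state": "enabledForReportingButNotEnforced",
  "grantControls": {"operator": "AND", "builtInControls": ["compliantDevice"]}},
 {"displayName": "MFA and compliant device", "state": "enabled",
  "grantControls": {"operator": "AND",
    "builtInControls": ["mfa", "compliantDevice"]}}
]}"""

if __name__ == "__main__":
    for name, (ok, reason) in audit(SAMPLE).items():
        print("PASS" if ok else "GAP ", name, "-", reason)
```

The second and third sample policies are the gaps worth looking for: an OR grant that MFA alone can satisfy from an unmanaged BYOD device, and a policy still in report-only mode.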

As always, I encourage you to read the original blog post in full, where Matt shares the following graphic that visually explains Conditional Access and then does an awesome step-by-step walkthrough of how to configure it:

[Image: Conditional Access graphic]

The good news for educational institutes is that Conditional Access and AIP are included in the M365 A3 Suite which many K-12 and Higher Education institutes have already invested in, meaning they can leverage this additional security layer at no cost.

By combining more commonly used security tools such as Multi-Factor Authentication (I also demonstrated this at the ISNZ event) with things like Conditional Access and Azure Information Protection, schools are moving towards best practice around cyber security. Again, read the original blog post for the step-by-step guide on setting this up.
