Functionality of Conditional Access, MFA and SSO

Conditional Access

• Enforced through policies

• You can target all applications, a particular application, a certain user, etc

  • They need to follow conditions to be granted access

    • ex. Are they using MFA or are they on a proper device

MFA

• Available on AAD P1+ subscriptions

  • You might have the authenticator app, sms, call, token, etc

• Security defaults (without p1 or higher) you only get MFA like the auth app

SSO (Single or seamless sign on)

• Authenticate to Azure AD, which then grants you tokens that can be used elsewhere creating a seamless experience for the user