We have heard Azure RemoteApp customers ask for stronger controls over user access, such as forcing multi-factor authentication for users outside of the workplace environment. This, and more, is now possible with the latest update to the Azure AD Conditional Access preview!
You can now set access rules specific to Azure RemoteApp; for example, you can select a group of users for whom multi-factor authentication will always be required when logging into RemoteApp. You could also choose to completely block access for users not at work.
You can read the Active Directory team blog to find out more about this new functionality, including detailed instructions for how to use it with Azure RemoteApp.
A few things to keep in mind:
- Conditional access requires Azure AD Premium. You can try it for free with your existing Azure AD.
- Conditional access rules are set within your Azure AD. All RemoteApp collections and subscriptions that use that directory will have the same access rules apply
- Conditional access only applies to organizational accounts in your Azure AD (for example your Office365 user accounts). If you have any Microsoft accounts (e.g. @hotmail.com) in your Azure RemoteApp collections they will not be subject to the access rules you have set up.
Note: Questions and comments are welcome. However, please DO NOT post a request for troubleshooting by using the comment tool at the end of this post. Instead, post a new thread in the Azure RemoteApp forum.