At this point, I want to give some credit to a very important child service of Azure AD. Azure AD conditional access, a premium feature of Azure AD, is a very simple way to control and secure access to resources in the cloud and on premises. You can gate access, for example, on the following conditions:
- Group membership: Access based on group membership
- Location: Block access, or trigger MFA, when a user is not on a trusted network
- Device platform: Use the device platform (iOS, Android, Windows versions) to apply a policy
- Device-enabled: Device state (enabled or disabled) is validated during device policy evaluation
- Sign-in and user risk: Use Azure AD Identity Protection for conditional access risk policies
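
The following is an added example, not taken from the original text, showing how the group, location and device platform conditions above combine in a single policy created with the Microsoft Graph PowerShell SDK. The display name and the two object IDs are placeholders assumed for illustration, and the policy is created in report-only mode so its effect can be reviewed in the sign-in logs before it is enforced.

```powershell
# Added example: the IDs below are placeholders, not real values; replace them before use.
# Requires the Microsoft.Graph.Identity.SignIns module.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess', 'Application.Read.All'

$policy = @{
    displayName = 'EXAMPLE - MFA for Finance on mobile outside trusted networks'
    # Report-only: the policy is evaluated and logged, but not enforced.
    state       = 'enabledForReportingButNotEnforced'
    # All conditions in one policy must match (logical AND) before the grant control applies.
    conditions  = @{
        clientAppTypes = @('all')
        applications   = @{ includeApplications = @('All') }
        users          = @{
            # Group membership condition (placeholder object ID).
            includeGroups = @('<finance-group-object-id>')
            # Keep an emergency-access account out of scope (placeholder object ID).
            excludeUsers  = @('<break-glass-account-object-id>')
        }
        # Location condition: every location except those marked as trusted.
        locations      = @{
            includeLocations = @('All')
            excludeLocations = @('AllTrusted')
        }
        # Device platform condition.
        platforms      = @{ includePlatforms = @('iOS', 'android') }
        # Sign-in risk condition (needs Identity Protection, Azure AD Premium P2):
        # signInRiskLevels = @('medium', 'high')
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')   # trigger MFA instead of blocking
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

To block instead of prompting for MFA, replace `'mfa'` with `'block'` in `builtInControls`.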