Protecting the front door to your Microsoft cloud environment

As businesses continue to shift towards cloud-based operations, it’s crucial to ensure that your online systems access is properly secured. One key tool is Conditional Access Simulator in Azure Active Directory (AAD) to create rules around the following:

• Require (certain types of) MFA
• Block legacy authentication
• Restrict/allow certain IP addresses
• Force password changes
• Require containerized applications
• Require compliant (company-owned) devices
• Take actions on user risk and device risk
• Block/allow certain devices (based on OS, device type, model, etc.)
• Apply specific sign-in frequency
• …

While these policies can be incredibly helpful in protecting your organization, they can also be complex; many organizations have a burdensome 10 — 15 policies in place.

Unfortunately, it’s not uncommon for organizations to have little understanding of whether their Conditional Access policies are working as intended. It can be caused by a lack of documentation or knowledge transfer failure as employees change roles or leave the company. Additionally, Microsoft constantly adds new features to Conditional Access, making it even harder to stay up to date.

While the Microsoft What-If tool can be helpful for testing specific scenarios and understanding how your Conditional Access policies might be applied, it does not provide the comprehensive insight and ongoing assessment needed to ensure the security and effectiveness of your policies over time.

To address these challenges, Toreon has developed the Conditional Access Simulator — a tool that allows you to test specific access scenarios and help you understand exactly how your policies are applied. This Microsoft add-on provides insight into your organization’s current attack surface and allows you to fine-tune existing policies or create new ones that better meet your access control needs.

Using the Conditional Access Simulator, you’ll receive:

• Insight into how your Conditional Access policies behave in all possible situations
• Closure and proof that your policies work as intended
• 6 bi-monthly pentests included in a 1-year subscription
• The option to request 4 additional pentests in the event of changed access policies

With the Conditional Access Simulator, you can define the desired state (outcome) for each simulation and see how they behave. Each simulation is counted based on real life sign-ins in your organization, providing a comprehensive and accurate picture of your access control.

In addition to the testing capabilities, the Conditional Access Simulator also generates automated documentation. An overview includes the past actions taken in conditional access (such as the change policy, add policy, delete policy, etc.) and an inclusion/exclusion matrix to visually show which users or groups are included or excluded from each policy. Automated documentation makes a valuable resource for understanding and improving your organization’s access control policies over time.

Instead of leaving the security of your Microsoft cloud environment to chance, consider the Conditional Access Simulator as a way to continuously assess and improve your security posture. You take control of your access policies and protect your organization’s valuable assets.