Microsoft Conditional Access

Level Up Microsoft Conditional Access with Beyond Identity’s Device Security Checks

Categories: Product, Workforce

Organizations turn to adaptive access policies to ensure that the right users have the right level of access at the right time. For Microsoft customers, Microsoft Conditional Access is great for creating access policies for Windows 10 and Office 365 applications. However, there’s been explosive growth in the number of apps organizations use on a daily basis—organizations have an average of 110 apps in their SSO, each containing different levels of risk and requiring different access control policies. 

With the rise of remote work and BYOD, it’s even more difficult to securely authenticate users and their devices. Security and IT teams need to provide the workforce with the flexibility to get work done at any time. 

BYOD continues to be a problem—it’s especially prevalent today with more employees onboarding remotely, reduced budgets for corporate-issued phones, and lack of resources to continuously support a company-wide mobile device management (MDM) program.

This results in more and more devices connecting and accessing company resources in your single-sign-on (SSO) at a faster rate than your organization can secure them, which leaves organizations vulnerable to device-level threats, from malware to misconfigurations. 

Beyond Identity helps close the gap between strong authentication policies and unmanaged devices. Our integration with Azure AD SSO and other popular SSOs authenticates users with the strongest and most reliable factors, and checks the security of every device at the time of login. 

Here’s how Beyond Identity levels up your Conditional Access policies 


Beyond Identity

Keeps password as back up to use on non-PC devices

Eliminates passwords from all authentication and recovery processes, and removes passwords from user and device directory

Supports passwordless desktop login for Windows 10 PCs only

Supports passwordless desktop login for Windows 10 PCs and supports passwordless SSO login for Windows 10 PCs, Mac, Linux, Android, iPhones, iPads / tablets

Checks the security of managed devices to determine access 

Checks the security of managed and unmanaged devices to determine access (all devices requesting access are bound to an identity)

Requires MDM for device management status 

Doesn’t require MDM
(optional MDM integration for additional attributes)

IT required to enroll MDM on devices 

User self-enrolls the lightweight, transparent authenticator on each of their devices

Structured policy creator based on user groups 

Unlimited, extensible policy creator based on user groups, apps, devices, and risk-level 

Five attribute checks available

Unlimited, customizable device security checks powered by OS query such as: is there a biometric set up, is the device jailbroken, is FileVault on, is the VPN app installed, is the antivirus software running, is the device managed, etc.

Requires software to set up: Active Directory Certificate Service, MDM, and MFA

No third party software required, easy to implement and set up

Beyond Identity checks every device for risk to ensure only authorized users and approved devices get access to SaaS applications, reducing the risk of device-level threats, especially on unmanaged, BYOD devices. Our extensible, customizable continuous authentication policies enable security teams to customize their device-level security checks for more dynamic control over company data in highly-accessible SaaS apps.

Get a demo today.