Challenge #6 - Conditional Access - Are You Who You Say You Are?


Description

Now that the CMC Consultant ID Verify-inator has been incorporated, QA is satisfied with the fixes and CMC IT Leadership is happy again... BUT (here we go), they have realized that the site might need a little more tightening up.

IT Leadership has requested that we (you) incorporate policies in your SignUp / SignIn User Flow that will require users to verify who they are, using either a code sent to their phone or to their email address.

As a result, during the sign-in process, a user should be prompted to enter a verification code (acquired either via a phone call, text message, or email). IT Leadership wants the conditional access policy to be based on user location, although for now, they want all locations to force an MFA challenge.

After some tests, IT Leadership decided to change your conditional access policies to force an MFA challenge for all locations, but only for users on Android devices. (Most of leadership has iPhones, so there’s that.)

Lastly, IT Leadership has asked to block risky users, and we’ve decided to rely on Azure AD’s risk detection to determine which users are risky. Leadership has decided to upgrade our B2C tenant to a P2 pricing tier (if it wasn’t there already) and has asked you to implement an additional Conditional Access policy to detect medium and high risk users and block them from logging in to any application. A typical scenario for medium and high risk user activity could be using anonymous browsers (such as a Tor browser) to access our apps.
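
The two final policies described above (MFA for Android from any location, and a block on medium and high risk users) can also be expressed as Microsoft Graph Conditional Access definitions. The script below is an added example, not part of the original challenge material; it assumes the Microsoft.Graph PowerShell module, and the tenant name and policy display names are placeholders.

```powershell
# Added example (not from the original challenge). Assumes the Microsoft.Graph
# module is installed and the signed-in account may manage Conditional Access
# in the B2C tenant. Tenant name and display names are placeholders.
Connect-MgGraph -TenantId "<your-b2c-tenant>.onmicrosoft.com" `
    -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All", "Application.Read.All"

# Start in report-only mode so the effect shows up in the sign-in logs first;
# change to "enabled" once the results match what Leadership asked for.
$state = "enabledForReportingButNotEnforced"

# Policy 1: MFA challenge from every location, but only on Android devices.
$mfaAndroid = @{
    displayName   = "CMC - Require MFA on Android (all locations)"
    state         = $state
    conditions    = @{
        clientAppTypes = @("all")
        applications   = @{ includeApplications = @("All") }
        users          = @{ includeUsers = @("All") }
        locations      = @{ includeLocations = @("All") }
        platforms      = @{ includePlatforms = @("android") }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}

# Policy 2: block users that risk detection rates medium or high, for every app.
# userRiskLevels matches the "risky users" wording of the challenge;
# signInRiskLevels is the sibling condition that rates a single sign-in.
$blockRisky = @{
    displayName   = "CMC - Block medium and high risk users"
    state         = $state
    conditions    = @{
        clientAppTypes = @("all")
        applications   = @{ includeApplications = @("All") }
        users          = @{ includeUsers = @("All") }
        userRiskLevels = @("medium", "high")
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}

# Create both policies and print what the tenant stored for each.
foreach ($policy in @($mfaAndroid, $blockRisky)) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
    "{0} -> {1} ({2})" -f $created.DisplayName, $created.Id, $created.State
}
```

These policies only affect B2C sign-ins when the SignUp / SignIn user flow has Conditional Access enforcement turned on in its properties.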

Success Criteria

CMC IT Leadership considers your efforts a success (and your odds of a promotion more likely) if you accomplish the following:

Learning Resources

Advanced Challenges (Optional)

Too comfortable? Eager to do more? Try these additional challenges!