Microsoft just announced the preview of Azure AD Conditional Access policies for Exchange and SharePoint Online. These policies let us require multi-factor authentication (MFA) or block access based on network location. They apply only to Exchange and SharePoint Online, and they help improve the security of both services.
As part of the current preview release, the following rules are supported in Exchange and SharePoint Online:
- Always require MFA
- Require MFA when not at work
- Block access when not at work
Microsoft recommends enabling these policies alongside the risk-based Conditional Access policy available with Azure AD Identity Protection. The risk-based policies give an advanced baseline of coverage, challenging users for MFA or blocking access as risk is detected. Then apply a per-application policy, such as always requiring MFA, to services with additional security or compliance requirements.