Security Incident Response

If you think you have or know you have a Security Incident please fill in the form and our experienced Onevinn CSIRT team will reach out shortly.
 
The team has long experience in supporting customers in Incident Response and Compromised Recovery.
 
Keep calm and we will be with you shortly!

Conditional Access for sensitive information

Every organization have some extra sensitive information that requires more caution from its users. Common examples that emphasize sensitivity can be for example extra authentication or terms of use approval before they get access to the information. It’s all about raising awareness to reduce the risk of accidental information leaks!

Microsoft has now started a preview of a solution that can assist with this.

In Conditional Access we can now configure conditions for accessing certain SharePoint Sites/Teams based on the sensitivity label of these sites.

In the example below the user can access Public, Business and Confidential sites but to get access to information stored in classified Secret sites, we require MFA.

CA to sensitive information

It works the same in Microsoft Teams where Multifactor authentication is triggered when you access the team sites files:

CA to sensitive information Teams

If we need to raise awareness with more clarity, Terms of Use is a good complement.

CA TOU to sensitive information

The trick is a new feature in Conditional Access called Authentication Context where we can define conditions and then add this context to the site and group setting of a Sensitivity label

Let´s have a look on the configuration

We first create a new authentication context from the new part in Conditional Access. In my example I call this “TOU Secret Inf”

imageimage

We can then create a Conditional Access Policy for this authentication context:

image

Then define the conditions we want, in my case MFA and Terms of Use:

image

We then configure the sensitivity label with this new authentication context that are now available (in preview)

image

If for some reason you haven’t started classifying your Sites (I’d mainly recommend starting with that), you can use the PowerShell management for SharePoint and use the Set-SPOSite command to define what Conditional Access policy that should be used for the specific site.

This is done in the format:

Set-SPOSite -Identity <site url> -ConditionalAccessPolicy AuthenticationContext -AuthenticationContextName “same name as provided in AAD”

You have more information on docs

Good luck Smile