Hi everyone. Welcome. My name is Jason Rutherford and I’m the Managing Partner for Model Technology Solutions. Today I’m going to show you Microsoft’s cloud access security broker (CASB) implements Dynamic Access Control and a specific use case scenario that we ran across recently.

How Microsoft’s CASB Implements Dynamic Access Control (A Use Case)

Let’s say you have a SharePoint site and you want to control the data and how users interact with that SharePoint site when they’re on a browser from a non-trusted machine. For example, they’re working from home and you want to prevent them from downloading data from SharePoint.

Now, the users might be full admins of the actual SharePoint site itself, and that’s okay. But when they’re at home on a non-trusted device and you really can’t protect that data anymore, you want to limit what they can do.

Here’s a visual of how that can work. This screenshot is Model’s marketing site and the blog calendar from 2017 in SharePoint.

Dynamic Access Control, Microsoft Security, Unified Endpoint Management

Let’s say that I wanted to download the calendar. Notice I can download it because I’m on a trusted device.

Dynamic Access Control, Microsoft Security, Unified Endpoint Management

Now let’s open up a browser on a non-trusted device as an account with a different policy applied to it. The first thing you’ll notice is we receive a warning that the SharePoint site is being monitored.

Dynamic Access Control, Microsoft Security, Unified Endpoint Management

This is a feature of Microsoft’s CASB. As a user we can choose hide this message for a week, and as an admin we can turn it off entirely if desired.

Now, if you choose to continue to the site, and you go back to our blog schedule and try to download it, we now see that the download is being blocked by our organization’s security policy with a message that says, “You’ve been blocked by a session policy, contact Jason Rutherford, cloud app security.” This is actually a customized message you can set.

Dynamic Access Control, Microsoft Security, Unified Endpoint Management

To execute this, there’s a conditional access policy that takes a specific user and gap under the condition and flips it over to use the control access app or session control app from Microsoft’s CASB.

Dynamic Access Control, Microsoft Security, Unified Endpoint Management

Identify Infrastructure Security Holes and Growth Opportunities

How mature is your infrastructure? Have your infrastructure assessed by Model Technology engineers, and identify exactly where and how Unified Endpoint Management could improve your security, compliance, and efficiency.

From there, we can take a look at the policies that we have set up on our conditional access and create a new policy to block downloads from SharePoint online.

Dynamic Access Control, Microsoft Security, Unified Endpoint Management

If you click on a specific policy, you can edit it and also create the custom message here.

Dynamic Access Control, Microsoft Security, Unified Endpoint Management

Dynamic Access Control, Microsoft Security, Unified Endpoint Management

If you’d like to hear more about Microsoft CASB or Microsoft security products in general, as it relates to cloud data or Unified Endpoint Management, don’t hesitate to reach out to us at model-technology.com/contact-us.

About the Author: Jason Rutherford

Managing Partner – Model Technology Solutions With over 18 years of Systems Management experience, Jason’s focus on people, process, and delivery has shaped Model into the consulting practice that it has become today. His approach to creating a consulting organization focused on creating IT efficiencies has led to strategic partnerships with Model’s clients. He believes in strong community support and that knowledge sharing is a critical factor to success.

Three Minutes For A More Secure & Efficient Infrastructure

Short and to the point, Steve’s Email Blasts give you endpoint management tips, tricks, and news in three minutes or less email read-time, guaranteed.

Model says no to spam. Privacy Policy

Model Technology Solutions

Model Technology Solutions is a small but mighty band of infrastructure experts. We’ve helped companies in diverse industries to modernize and automate their infrastructures through effectively managing their Microsoft endpoint suite.

With us on your team, you’ll watch your security and compliance go up and your IT team’s costs (and headaches) go down. You’ll relax in knowing that your endpoints will be secure and online when your users need them most. And you’ll finally get back to your most-important tasks.

Model Technology Solutions
12125 Woodcrest Executive Drive, Ste. 204 Creve Coeur, MO 63141

Phone: (314) 254-4138
General Inquiries: model@model-technology.com
Sales and Quotes: sales@model-technology.com