mirror of
https://github.com/KelvinTegelaar/CIPP.git
synced 2026-04-25 08:16:01 +03:00
[GH-ISSUE #2236] [Feature Request]: Conditional Access #1154
Labels
No labels
API
Feature
NotABug
NotABug
Planned
Sponsor Priority
Sponsor Priority
bug
documentation
duplicate
enhancement
needs more info
no-activity
no-priority
not-assigned
pull-request
react-conversion
react-conversion
roadmap
security
stale
unconfirmed-by-user
unconfirmed-by-user
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
starred/CIPP#1154
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @Link-itSupport on GitHub (Mar 20, 2024).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/2236
Description of the new feature - must be an in-depth explanation of the feature you want, reasoning why, and the added benefits for MSPs as a whole.
Hi Kelvin and John,
I have a few suggestions that would be very handy in the CIPP CA settings:
Making CA with interface
When creating a CA policy via CIPP now, you have the option to enable, disable, or set it to report only. We would like to provide more options when rolling out CA policy from CIPP. This includes being able to select groups fetched from the tenant via CIPP when creating a CA policy. Additionally, if possible, pre-adding a trusted location specific to that customer would be beneficial. Much can already be done when working with the JSON of your CA policy template, but this isn't accessible to everyone in our company.
Temporarily CA
You can temporarily create a conditional access policy that is automatically removed later.
This would be useful if someone needs to be available abroad. Otherwise, a separate CA policy would have to be set up so that he can still log in. People can forget to disable the temporary policy, so it gets messy and can make mistakes.
An interface I can see before me is actually just like Vacation Mode, so you select a line and after DATE-TIME run the following command: Remove-AzureADMSConditionalAccessPolicy Selected policy name
A github page what may help is for powershell commands: https://github.com/Azure-Samples/azure-ad-conditional-access-apis/blob/main/01-configure/powershell/readme.md
Thanks!
PowerShell commands you would normally use to achieve above request
Remove-AzureADMSConditionalAccessPolicy Selected policy name
@KelvinTegelaar commented on GitHub (Mar 27, 2024):
for #2 we already have a solution; Vacation mode is made for just that.
@Link-itSupport commented on GitHub (Mar 28, 2024):
Hi Kelvin,
By number 2, we actually mean that we roll out a CA and with an end date in it.
After that end date, this CA is automatically removed again.
The vacation mode only ensures that a user is 'excluded', but if this user goes abroad but still wants temporary access from abroad.
Of course, you don't want to open up this country to everyone, so by creating a temporary rule, we make sure it is only accessible to that user.
At number 1, is this something that is going to be included in the roadmap?
@github-actions[bot] commented on GitHub (Apr 7, 2024):
This issue is stale because it has been open 10 days with no activity. We will close this issue soon. If you want this feature implemented you can contribute it. See: https://docs.cipp.app/dev-documentation/contributing-to-the-code . Please notify the team if you are working on this yourself.
@Link-itSupport commented on GitHub (Apr 11, 2024):
Hi Kelvin,
Could you please give us an update about this feature request?