AzureAD - Authentication context (PREVIEW)

Authentication context can be used to further secure data and actions in applications. These applications can be your own custom applications, custom line of business (LOB) applications, applications like SharePoint, or applications protected by Microsoft Cloud App Security (MCAS).

How to configure

Authentication contexts are managed in the Azure portal under:

Azure Active Directory > Security > Conditional Access > Authentication context.

Note:

  1. Deleting authentication context definitions is not possible during the preview.
  2. The preview is limited to a total of 25 authentication context definitions in the Azure portal.

Create a new authentication context definition by selecting New authentication context in the Azure portal. Configure the following attributes:

  • Display name is the name that is used to identify the authentication context in Azure AD and across applications that consume authentication contexts. We recommend names that can be used across resources, like "trusted devices", to reduce the number of authentication contexts needed. Having a reduced set limits the number of redirects and provides a better end-user experience.
  • Description provides more information about the policies. It is used by Azure AD administrators and by those applying authentication contexts to resources.
  • Publish to apps is a checkbox that, when checked, advertises the authentication context to apps and makes it available to be assigned. If it is not checked, the authentication context will be unavailable to downstream resources.
  • ID is read-only and is used in tokens and apps for request-specific authentication context definitions. It is listed here for troubleshooting and development use cases.
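
To show how the ID ends up being used by an application, here is an added example (not from the original article or from Microsoft's code) of a resource API checking a token for a required authentication context and, when it is missing, answering with a claims challenge. It assumes the access token has already been validated (signature, issuer, audience) by the app's token library, that satisfied context IDs arrive in the acrs claim, and that "c1" and the authorization URI are constructed sample values.

```python
import base64
import json

# Constructed sample value; a real API would use its own tenant's endpoint.
AUTHORIZATION_URI = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"


def satisfied_contexts(claims: dict) -> set:
    """Return the authentication context IDs listed in the token's acrs claim."""
    acrs = claims.get("acrs", [])
    if isinstance(acrs, str):  # tolerate a single string instead of a list
        acrs = [acrs]
    return {value for value in acrs if isinstance(value, str)}


def claims_challenge(context_id: str) -> str:
    """Build the base64-encoded claims request asking for one context ID."""
    body = {"access_token": {"acrs": {"essential": True, "value": context_id}}}
    raw = json.dumps(body, separators=(",", ":")).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def authorize(claims: dict, required_context: str):
    """Decide whether an already-validated token may perform a protected action.

    Returns (status, headers). A 401 carries a WWW-Authenticate header that the
    client passes back to Azure AD, which then evaluates the Conditional Access
    policy bound to that authentication context.
    """
    if required_context in satisfied_contexts(claims):
        return 200, {}
    header = (
        f'Bearer realm="", authorization_uri="{AUTHORIZATION_URI}", '
        f'error="insufficient_claims", claims="{claims_challenge(required_context)}"'
    )
    return 401, {"WWW-Authenticate": header}


if __name__ == "__main__":
    # Constructed claim sets: one token that satisfied c1, one that did not.
    print(authorize({"sub": "user-a", "acrs": ["c1"]}, "c1"))
    print(authorize({"sub": "user-b"}, "c1"))
```

The check fails closed: a token with no acrs claim, or with a different context ID, is rejected and the caller is sent back through Conditional Access rather than being allowed through.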

How to add to Conditional Access policy

Administrators can select published authentication contexts in their Conditional Access policies under Assignments > Cloud apps or actions and selecting Authentication context from the Select what this policy applies to menu. As you can see, the authentication context I created earlier is available in the Conditional Access policy.
