Microsoft issued a reminder today that IT pros should switch Azure Active Directory conditional access policies that were created using the “classic” Azure portal to policies supported by the new Azure Portal.
The new Azure Portal is also known as the “Azure Active Directory Admin Center.” It now has a couple of features to help with the transition, according to Microsoft’s announcement. For instance, the new Azure Portal will show the policies that were created using the “classic Azure portal, Intune Silverlight portal, and the Intune App Protection portal.” Moreover, Microsoft has added a new “disable option for each classic policy.”
IT pros should create new Azure AD conditional access policies using the new Azure Portal and then delete their older conditional access policies created with the old Azure Portal. The announcement suggested that organizations can use the newly added features in the new Azure Portal to “migrate on a timeline that works best for you.”
Conditional access is an access control scheme for client devices. It permits access to network resources based on meeting conditions set by IT pros.
The reason to make the switch is that the Azure AD conditional access policies that IT pros may have created using the classic Azure Portal will continue to function alongside any policies created with the new Azure Portal. Here’s how Microsoft characterized that scenario in this “Best Practices” document:
“Both policies [created by the new and old portals] are enforced by Azure Active Directory and the user gets access only when all requirements are met.”
There’s another motivation to perform the switch. Microsoft suggested that “the new policies enable you to address scenarios you could not handle with classic policies,” according to this “Migration” document.
Microsoft’s reminder comes about four months after Microsoft first enabled conditional access policies within the new Azure Portal. Microsoft is planning to put an end to support for its classic Azure Portal. The old Azure portal will be deprecated, meaning that it won’t get developed or patched by Microsoft.