You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/roles/protected-actions-add.md
+9-7Lines changed: 9 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,7 +18,7 @@ ms.date: 04/05/2022
18
18
> Protected actions are currently in PREVIEW.
19
19
> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
20
20
21
-
[Protected actions](./protected-actions-overview.md) in Azure Active Directory (Azure AD) are permissions that have been assigned Conditional Access polices that are enforced when a user attempts to perform an action. This article describes how to add, remove, and test a protected action.
21
+
[Protected actions](./protected-actions-overview.md) in Azure Active Directory (Azure AD) are permissions that have been assigned Conditional Access polices that are enforced when a user attempts to perform an action. This article describes how to add, remove, and test protected actions.
22
22
23
23
## Prerequisites
24
24
@@ -28,9 +28,9 @@ To add or remove protected actions, you must have:
28
28
-[Conditional Access Administrator](permissions-reference.md#conditional-access-administrator) or [Security Administrator](permissions-reference.md#security-administrator)
29
29
- One or more [Conditional Access authentication context configured](../conditional-access/concept-conditional-access-cloud-apps.md#authentication-context)
30
30
31
-
## Add a protected action
31
+
## Add protected actions
32
32
33
-
To add a protection action, assign a Conditional Access policy to one or more permissions, using a Conditional Access authentication context.
33
+
To add protection actions, assign a Conditional Access policy to one or more permissions, using a Conditional Access authentication context.
34
34
35
35
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com).
36
36
@@ -56,7 +56,7 @@ To add a protection action, assign a Conditional Access policy to one or more pe
56
56
57
57
The new protected actions appear in the list of protected actions
58
58
59
-
## Test a protected action
59
+
## Test protected actions
60
60
61
61
When a user performs a protected action, they'll need to satisfy Conditional Access policy requirements. This section shows the experience for a user being prompted to satisfy a policy. In this example, the user is required to authenticate with a FIDO security key before they can update Conditional Access policies.
62
62
@@ -84,9 +84,9 @@ When a user performs a protected action, they'll need to satisfy Conditional Acc
84
84
85
85
:::image type="content" source="media/protected-actions-add/test-policy-edit.png" alt-text="Screenshot of an enabled Conditional Access policy that can be edited." lightbox="media/protected-actions-add/test-policy-edit.png":::
86
86
87
-
## Remove a protected action
87
+
## Remove protected actions
88
88
89
-
To remove a protection action, unassign Conditional Access policy requirements from a permission.
89
+
To remove protection actions, unassign Conditional Access policy requirements from a permission.
90
90
91
91
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com).
92
92
@@ -102,7 +102,7 @@ To remove a protection action, unassign Conditional Access policy requirements f
102
102
103
103
## Microsoft Graph
104
104
105
-
### Add a protected action
105
+
### Add protected actions
106
106
107
107
Protected actions are added by assigning an authentication context value to a permission. Authentication context values that are available in the tenant can be discovered by calling the [authenticationContextClassReference](/graph/api/resources/authenticationcontextclassreference?branch=main) API.
108
108
@@ -184,3 +184,5 @@ Make sure you're using Microsoft Graph PowerShell.
184
184
185
185
## Next steps
186
186
187
+
-[What are protected actions in Azure AD?](protected-actions-overview.md)
> | microsoft.directory/resourceNamespaces/resourceActions/authenticationContext/update | Update Conditional Access authentication context of Microsoft 365 role-based access control (RBAC) resource actions |
57
57
@@ -71,11 +71,11 @@ Here is the initial set of permissions:
71
71
72
72
1.**Add protected actions**
73
73
74
-
Add protected actions by assigning Conditional Access authentication context values to selected permissions. Learn more
74
+
Add protected actions by assigning Conditional Access authentication context values to selected permissions. [Learn more](./protected-actions-add.md#add-protected-actions)
75
75
76
-
1.**Use protected action**
76
+
1.**Test protected actions**
77
77
78
-
Sign in as a user and test the user experience by performing the protected action. You should be prompted to satisfy the Conditional Access policy requirements. For example, if the policy requires multi-factor authentication, you should be redirected to the sign-in page and prompted for strong authentication. Learn more
78
+
Sign in as a user and test the user experience by performing the protected action. You should be prompted to satisfy the Conditional Access policy requirements. For example, if the policy requires multi-factor authentication, you should be redirected to the sign-in page and prompted for strong authentication. [Learn more](./protected-actions-add.md#test-protected-actions)
79
79
80
80
## What happens with protected actions and applications?
81
81
@@ -119,4 +119,4 @@ Here are some best practices for using protected actions.
119
119
120
120
## Next steps
121
121
122
-
-[Add, remove, or use protected actions in Azure AD](./protected-actions-add.md)
122
+
-[Add, remove, or test protected actions in Azure AD](./protected-actions-add.md)
0 commit comments