You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/roles/protected-actions-add.md
+24-7Lines changed: 24 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -25,14 +25,33 @@ ms.date: 04/05/2022
25
25
To add or remove protected actions, you must have:
26
26
27
27
- Azure AD Premium P1 or P2 license
28
-
-[Conditional Access Administrator](permissions-reference.md#conditional-access-administrator) or [Security Administrator](permissions-reference.md#security-administrator)
29
-
- One or more [Conditional Access authentication context configured](../conditional-access/concept-conditional-access-cloud-apps.md#authentication-context)
28
+
-[Conditional Access Administrator](permissions-reference.md#conditional-access-administrator) or [Security Administrator](permissions-reference.md#security-administrator) role
30
29
31
-
## Add protected actions
30
+
## Configure Conditional Access policy
32
31
33
-
To add protection actions, assign a Conditional Access policy to one or more permissions, using a Conditional Access authentication context.
32
+
Protected actions use a Conditional Access authentication context, so you must configure an authentication context and add it to a Conditional Access policy. If you already have a policy with an authentication context, you can skip to the next section.
34
33
35
-
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com).
34
+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) or [Azure portal](https://portal.azure.com).
1. Select **New authentication context** to open the **Add authentication context** pane.
39
+
40
+
1. Enter a name and description and then select **Save**.
41
+
42
+
:::image type="content" source="media/protected-actions-add/authentication-context-add.png" alt-text="Screenshot of New policy page to create a new policy with an authentication context." lightbox="media/protected-actions-add/authentication-context-add.png":::
43
+
44
+
1. Select **Policies** > **New policy** to create a new policy.
45
+
46
+
1. Create a new policy and select your authentication context.
47
+
48
+
For more information, see [Conditional Access: Cloud apps, actions, and authentication context](../conditional-access/concept-conditional-access-cloud-apps.md).
49
+
50
+
:::image type="content" source="media/protected-actions-add/policy-authentication-context.png" alt-text="Screenshot of Add protected actions page in Roles and administrators." lightbox="media/protected-actions-add/policy-authentication-context.png":::
51
+
52
+
## Add protected actions
53
+
54
+
To add protection actions, assign a Conditional Access policy to one or more permissions using a Conditional Access authentication context.
@@ -44,8 +63,6 @@ To add protection actions, assign a Conditional Access policy to one or more per
44
63
45
64
1. Select a configured Conditional Access authentication context.
46
65
47
-
If no values are available, [configure a Conditional Access authentication context](../conditional-access/concept-conditional-access-cloud-apps.md#authentication-context) for your tenant.
48
-
49
66
1. Select **Select permissions** and select the permissions to protect with Conditional Access.
50
67
51
68
:::image type="content" source="media/protected-actions-add/permissions-select.png" alt-text="Screenshot of Add protected actions page with permissions selected." lightbox="media/protected-actions-add/permissions-select.png":::
0 commit comments