Configure Terms of Use in Azure Active Directory
In this post, we will look at how to configure Azure Active Directory Terms of Use.
What are Azure AD Terms of Use:
Terms of Use in Azure AD is an easy way for organizations to present information to their end users. It ensures that users see and accept the relevant disclaimers and legal information before they get access.
This post will share the steps needed to get started with terms of use.
What can be achieved with Terms of Use (ToU)
Organizations will be able to use the following capabilities in Azure AD ToU.
- Require employees or guests to accept your terms of use policy before getting access.
- Require employees or guests to accept your terms of use policy on every device before getting access.
- Require employees or guests to accept your terms of use policy on a recurring schedule.
- Require employees or guests to accept your terms of use policy before registering security information in Azure AD Multi-Factor Authentication (MFA).
- Require employees to accept your terms of use policy before registering security information in Azure AD self-service password reset (SSPR).
- Present a general terms of use policy for all users in your organization.
- Present specific terms of use policies based on user attributes (such as doctors versus nurses, or domestic versus international employees) by using dynamic groups.
- Present specific terms of use policies when accessing high business impact applications, like Salesforce or Dynamics 365.
- Present terms of use policies in different languages.
- List who has or hasn’t accepted your terms of use policies.
- Help meet privacy regulations.
- Display a log of terms of use policy activity for compliance and audit.
- Create and manage terms of use policies using Microsoft Graph APIs.
To use and configure Azure AD terms of use policies, you must have:
- Azure AD Premium P1, P2, EMS E3, or EMS E5 licenses.
Azure ToU (Terms of Use) uses a PDF to present the content to the end user. The PDF can be any content, such as a contract, which allows the organization to collect end-user agreement during sign-in.
How to configure Azure Terms of Use (ToU)
To start, navigate to the Azure Portal and click on Azure Active Directory > Security > Conditional Access.
- Click on Terms of use.
- Click on + New Terms.
- Provide the following information for your Terms of Use:
  - Name
  - Terms of Use Document (upload your org copy)
  - Specify your language of choice
In the next section you will need to define the user actions:
- Require users to expand the terms of use
- Require users to consent on every device
- Expire consents
- Duration before re-acceptance required
For this demonstration I have selected “Require users to consent on every device”.
Once you select this option, you will notice a warning message saying, “Consent on every device will require users to register each device with Azure AD prior to getting access.”
Also, I have configured users to re-accept after 90 days.
Now that we have defined some of the basic configurations, we need to scroll down and create the associated “Conditional Access Policy”.
In the Conditional Access policy section, click on the drop-down and select “Create conditional access policy later”, then click on Create at the bottom of the page.
Let’s head over to the Conditional Access portal and create a new policy which will enforce Terms of use for users.
On Conditional Access, click on Policies.
From the Policies page, click on + New Policy.
On the new Conditional Access Policy blade, provide the following information.
Name: CA001: Enforce ToU for users
Assignments: All users / All guest and external users.
By selecting all guest and external users, we force them to comply with the organization’s policies as well.
Next, click on Cloud apps or actions and click on “Select apps”.
On the next blade select “Microsoft Azure Management” and then click on Select.
Next, let’s go ahead and click on “Grant” and select the Terms of Use we have created.
From the blade on the left-hand side, click on your Terms of Use policy and click “Select”.
Lastly, select “On” to enable the policy and then click on Create.
The newly created Conditional Access Policy will be listed with the rest of the policies.
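The same Terms of Use agreement and Conditional Access policy can be created through the Microsoft Graph API, which is useful when you want the configuration in source control or repeated across tenants. The following is an added example, not code from the original post; it assumes you already hold an access token with the Agreement.ReadWrite.All and Policy.ReadWrite.ConditionalAccess permissions, that the PDF is read from a local file, and that AZURE_MANAGEMENT_APP_ID is the well-known app ID of the “Microsoft Azure Management” first-party application (confirm it against your tenant’s enterprise applications).

```python
"""Graph equivalents of the portal steps above (added example, not the post's own).

Assumptions (not on the page): an access token with Agreement.ReadWrite.All and
Policy.ReadWrite.ConditionalAccess is obtained elsewhere, the Terms of Use PDF is
read from a local file, and AZURE_MANAGEMENT_APP_ID is the well-known app ID of
the "Microsoft Azure Management" first-party application.
"""
import base64
import json
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
# Assumed well-known app ID for "Microsoft Azure Management"; confirm it in your tenant.
AZURE_MANAGEMENT_APP_ID = "797f4846-ba00-4fd7-ba43-dac1f8f63013"


def build_agreement(name, pdf_bytes, language="en", per_device=True, reaccept_days=90):
    """Body for POST /identityGovernance/termsOfUse/agreements, mirroring the
    options chosen in the post: expand before accept, consent on every device,
    and re-acceptance every 90 days (expressed as an ISO 8601 duration)."""
    if not pdf_bytes.startswith(b"%PDF"):
        raise ValueError("Terms of Use document must be a PDF")
    return {
        "displayName": name,
        "isViewingBeforeAcceptanceRequired": True,    # "Require users to expand the terms of use"
        "isPerDeviceAcceptanceRequired": per_device,  # "Require users to consent on every device"
        "userReacceptRequiredFrequency": f"P{reaccept_days}D",  # "Duration before re-acceptance required"
        "files": [{
            "fileName": f"{name}.pdf",
            "language": language,
            "isDefault": True,
            "fileData": {"data": base64.b64encode(pdf_bytes).decode("ascii")},
        }],
    }


def build_ca_policy(name, agreement_id, app_id=AZURE_MANAGEMENT_APP_ID, state="enabled"):
    """Body for POST /identity/conditionalAccess/policies: all users (guests and
    external users included) reaching the target app must satisfy the ToU grant."""
    return {
        "displayName": name,
        "state": state,  # "enabledForReportingButNotEnforced" pilots the policy in report-only mode
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": [app_id]},
        },
        "grantControls": {
            "operator": "OR",
            "builtInControls": [],        # no MFA / compliant-device controls here; ToU only
            "termsOfUse": [agreement_id],
        },
    }


def _post(token, path, body):
    """Minimal authenticated POST to Graph (network access required)."""
    req = urllib.request.Request(
        f"{GRAPH}{path}", data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def create_tou_and_policy(token, pdf_path, tou_name="Org Terms of Use",
                          policy_name="CA001: Enforce ToU for users"):
    """Create the agreement first, then the policy that references its ID."""
    with open(pdf_path, "rb") as f:
        agreement = _post(token, "/identityGovernance/termsOfUse/agreements",
                          build_agreement(tou_name, f.read()))
    return _post(token, "/identity/conditionalAccess/policies",
                 build_ca_policy(policy_name, agreement["id"]))


if __name__ == "__main__":
    # Offline demo with a constructed stand-in for the PDF bytes.
    print(json.dumps(build_agreement("Org Terms of Use", b"%PDF-1.4 test"), indent=2))
    print(json.dumps(build_ca_policy("CA001: Enforce ToU for users", "<agreement-id>"), indent=2))
```

Creating the policy in the report-only state first lets you confirm in the sign-in logs which users and apps it would catch before you switch it to enabled, which matters here because the policy applies to every user in the tenant.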
How do you know if it works?
Since this policy applies to all users in the organization, we just need to sign in to the Azure Portal.
You will then be presented with the following screen after sign-in.
Users will have to click on the “Terms of Use” document and review it before they can click on Accept.
Once they have reviewed it and clicked Accept, they will be allowed to access the portal.
Now that we have the policy set up, let’s head over to Azure Active Directory and verify that the user accepted the Terms of Use.
On the Azure Active Directory Portal navigate to Sign-in logs.
On the sign-in logs page, click on Filter and add Conditional Access > Success.
Click on the user with the successful sign-in log, then click on Conditional Access on the Activity Details page.
As we can see from the image below, the conditional access policy applied successfully for the end user.
To get additional information about the Terms of Use, let’s head over to the Conditional Access portal and click on Terms of Use.
Select the newly created Terms of Use policy and a new blade will open showing the Terms of Use document details. Here you will be able to see how many users have accepted the terms of use.
If you click on “Users accepted”, a new blade will open showing you all the users who have accepted the terms.
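The same acceptance data is available from Graph, which makes it possible to turn the portal’s “who has or hasn’t accepted” view into a recurring audit: users whose latest acceptance is older than the re-acceptance window, users who declined, and users with no record at all. The following is an added example, not code from the original post; it assumes the records come from GET /identityGovernance/termsOfUse/agreements/{id}/acceptances (the agreementAcceptance resource), and the sample records and directory users are constructed for illustration.

```python
"""Audit view of Terms of Use acceptances (added example, not the post's own).

Assumes the records have the shape returned by
GET /identityGovernance/termsOfUse/agreements/{id}/acceptances; the records and
the directory user list below are constructed for illustration.
"""
import json
from datetime import datetime, timedelta, timezone

REACCEPT_DAYS = 90  # the re-acceptance period chosen in the post

# Constructed sample response in the shape Graph returns (a "value" array).
SAMPLE_ACCEPTANCES = json.dumps({"value": [
    {"userPrincipalName": "alice@contoso.example", "deviceId": "dev-1",
     "state": "accepted", "recordedDateTime": "2023-05-01T09:00:00Z"},
    {"userPrincipalName": "bob@contoso.example", "deviceId": "dev-2",
     "state": "declined", "recordedDateTime": "2023-05-02T10:00:00Z"},
    {"userPrincipalName": "carol@contoso.example", "deviceId": "dev-3",
     "state": "accepted", "recordedDateTime": "2022-11-01T08:00:00Z"},
    {"userPrincipalName": "alice@contoso.example", "deviceId": "dev-4",
     "state": "accepted", "recordedDateTime": "2023-05-20T12:00:00Z"},
]})
# Constructed list of users the policy covers (in practice: enumerate the directory).
SAMPLE_DIRECTORY = ["alice@contoso.example", "bob@contoso.example",
                    "carol@contoso.example", "dave@contoso.example"]


def parse_time(value):
    """Graph timestamps are UTC in the form 2023-05-01T09:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def acceptance_report(raw_json, directory_users, now_utc, reaccept_days=REACCEPT_DAYS):
    """Classify every directory user from their most recent record as current,
    expired (older than the re-acceptance window), declined, or never_recorded.
    With consent-on-every-device enabled there is one record per device; this view
    keeps the newest per user, and consented_devices() gives the per-device angle."""
    latest = {}
    for rec in json.loads(raw_json)["value"]:
        upn = rec["userPrincipalName"].lower()
        if upn not in latest or parse_time(rec["recordedDateTime"]) > parse_time(latest[upn]["recordedDateTime"]):
            latest[upn] = rec
    cutoff = parse_time(now_utc) - timedelta(days=reaccept_days)
    report = {"current": [], "expired": [], "declined": [], "never_recorded": []}
    for upn in sorted(u.lower() for u in directory_users):
        rec = latest.get(upn)
        if rec is None:
            report["never_recorded"].append(upn)
        elif rec["state"] == "declined":
            report["declined"].append(upn)
        elif parse_time(rec["recordedDateTime"]) < cutoff:
            report["expired"].append(upn)
        else:
            report["current"].append(upn)
    return report


def consented_devices(raw_json, upn):
    """Devices on which the given user has an accepted record (per-device consent)."""
    return sorted(rec["deviceId"] for rec in json.loads(raw_json)["value"]
                  if rec["userPrincipalName"].lower() == upn.lower() and rec["state"] == "accepted")


if __name__ == "__main__":
    print(json.dumps(acceptance_report(SAMPLE_ACCEPTANCES, SAMPLE_DIRECTORY,
                                       "2023-06-01T00:00:00Z"), indent=2))
    print(consented_devices(SAMPLE_ACCEPTANCES, "alice@contoso.example"))
```

The “never_recorded” bucket is the one the portal’s “Users accepted” blade does not show directly: a user who has simply not signed in to the targeted app yet has no record at all, so the audit needs the directory list as well as the acceptance list.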
And that is how you can set up Terms of Use for your organization.