MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International
10.27k stars 21.45k forks source link

Is the flow chart present at https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access correct? #108966

Open Celio-Rossy opened 1 year ago

Celio-Rossy commented 1 year ago

Hello

I was going through conditional access documentation (https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access) and the decision flowchart present in the page is not making sense to me. Could be that I understand it wrong, but I would expect that if "Access control BLOCK conditions satisfied" is true, then the access token would not be issued. But the flowchart seems to imply the opposite. When result is "No" says the flowchart then token is not issued.

Anyway, I am not yet familiar enough with CA, so this could be a misunderstanding on my side. Hope someone will have a look into this.

Best, Celio


Document Details

Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

ManoharLakkoju-MSFT commented 1 year ago

@Celio-Rossy Thanks for your feedback! We will investigate and update as appropriate.

YashikaTyagii commented 1 year ago

@Celio-Rossy I understand your confusion. The flowchart in the documentation you mentioned is a bit confusing. You are correct that if the "Access control BLOCK conditions satisfied" is true, then the access token would not be issued. The flowchart seems to imply the opposite. When the result is "No," it means that the access token is not issued.

In general, Conditional Access policies are evaluated when a user attempts to access a resource. If the conditions of the policy are met, the user is either granted or denied access to the resource. If the user is granted access, an access token is issued. If the user is denied access, no access token is issued.

I hope this helps clarify your understanding of Conditional Access policies. Let me know if you have any further questions.

Celio-Rossy commented 1 year ago

@YashikaTyagii Thanks for the follow-up. I think I understood under what conditions the user would be granted access to the resource (i.e. the access token is issued).

However something still does no add up after your explanation. If the "No" was supposed to mean "the access token is not issued", then the result on "CA policies are in scope of request" condition is incorrect. The flowchart says an access token is issued.

If the "No" and "Yes" do represent the result of the condition described in the diamond shape, then the "No" and "Yes" attached to "Access control BLOCK conditions satisfied" are the opposite of what they should be.

YashikaTyagii commented 1 year ago

@Celio-Rossy Yes, you are correct, and it seems document need to be updated. I am going to assign this issue to content author who will update accordingly. @Gargi-Sinha kindly take a look at this case.

lisaychuang commented 1 year ago

Tagging @MicrosoftGuyJFlo , our Content Dev for Conditional Access to help with this review. Thanks!

Gargi-Sinha commented 1 year ago

Hi @lisaychuang - The flow chart is updated. Could you please close this ticket. Thanks!

Celio-Rossy commented 1 year ago

Hi @Gargi-Sinha , has the flow chart been pushed to public space? I still see the old chart when browsing the documention.

MicrosoftGuyJFlo commented 1 year ago

Removing diagram at issue until @Gargi-Sinha can republish.