What is Azure AD Terms of use?

Within Azure AD Conditional Access there is an option called Terms of use. As Microsoft explains it:

Azure AD Terms of use provides a simple method that organizations can use to present information to end users. This presentation ensures users see relevant disclaimers for legal or compliance requirements.

So basically, you show the end users a popup or screen with a disclaimer for legal or compliance reasons when they log in. It is similar to signing a document about using the network and internet when you start working at your company, or to clicking Next on the terms of use when installing a piece of software.

How can you configure it?

The configuration is part of Azure AD Conditional Access. To access it you need to be a Global Administrator or Conditional Access Administrator.
The direct link is https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/TermsOfUse

Creating a new term is as easy as clicking Add and filling in the fields.

As you can see, it is a very simple form where you can give it a name, a display name and a PDF file per language with the actual Terms of use.
You can also choose to have the end user give consent again every 90 days, or at another interval that suits you.
In my opinion, “Require users to expand the terms of use” should be “On” by default, because then the end user needs to at least scroll down to the end before giving their consent.

As it is part of Conditional Access, the template needs to be associated with a policy. There are 2 predefined policies: one for all users and one for all guest users.
When you select all users and you have directory synchronization enabled, you need to update the policy that is created and exclude the sync account; otherwise it will break the synchronization.
The sync account can be found by searching for “sync_”.
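
The sync-account caveat above can be checked offline against an export of the tenant's policies. This is an added example, not code from the original post or from Microsoft; it assumes the policies are in the Microsoft Graph conditionalAccessPolicy JSON shape, and the function names, IDs and sample policies are constructed for illustration.

```python
# Added example. Input shape follows Microsoft Graph conditionalAccessPolicy
# objects (GET /identity/conditionalAccess/policies). All IDs are constructed.
SYNC = {"id": "sync-obj-id", "groups": {"grp-svc"}, "roles": {"role-dirsync"}}

def _matches(users, account, prefix):
    """True if the account is named by the include*/exclude* lists of a policy."""
    listed = set(users.get(prefix + "Users") or [])
    return (
        (prefix == "include" and "All" in listed)
        or account["id"] in listed
        or bool(account["groups"] & set(users.get(prefix + "Groups") or []))
        or bool(account["roles"] & set(users.get(prefix + "Roles") or []))
    )

def tou_policies_hitting(policies, account):
    """Return (displayName, state) of every non-disabled policy that would
    demand Terms of use acceptance from the given account."""
    hits = []
    for p in policies:
        if not (p.get("grantControls") or {}).get("termsOfUse"):
            continue  # no Terms of use grant control on this policy
        if p.get("state") == "disabled":
            continue
        users = (p.get("conditions") or {}).get("users") or {}
        if _matches(users, account, "include") and not _matches(users, account, "exclude"):
            hits.append((p["displayName"], p["state"]))
    return hits

def _policy(name, state, include, tou=("tou-id",), **exclude):
    """Build a constructed sample policy in the Graph JSON shape."""
    return {"displayName": name, "state": state,
            "conditions": {"users": {"includeUsers": include, **exclude}},
            "grantControls": {"operator": "OR", "termsOfUse": list(tou)}}

SAMPLE = [
    _policy("ToU all users", "enabled", ["All"]),
    _policy("ToU all users, sync excluded", "enabled", ["All"], excludeUsers=["sync-obj-id"]),
    _policy("ToU excluded via group", "enabled", ["All"], excludeGroups=["grp-svc"]),
    _policy("ToU guests", "enabled", ["GuestsOrExternalUsers"]),
    _policy("ToU report-only", "enabledForReportingButNotEnforced", ["All"]),
    _policy("ToU disabled", "disabled", ["All"]),
    _policy("MFA only", "enabled", ["All"], tou=()),
]

if __name__ == "__main__":
    for name, state in tou_policies_hitting(SAMPLE, SYNC):
        print(f"sync account not excluded: {name} [{state}]")
```

Report-only policies are listed too, because they would start blocking the sync account as soon as they are switched to enabled.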

If you select “Custom policy”, you will be guided to create a new Conditional Access policy.
If you select “Create conditional access policy later”, you can add this Terms of use to any existing or new Conditional Access policy.

If you selected one of the last 2 options, you can find this Terms of use in the Grant blade of the new policy.

What license do you need?

To start using it you need an Azure AD Premium P1 license or higher. This can be part of Enterprise Mobility Suite.

References

Microsoft docs (https://docs.microsoft.com/en-us/azure/active-directory/governance/active-directory-tou)
