Microsoft now allows you to apply risk-based conditional access policies at the Azure AD application level, providing you with real-time detection and automated protection that is fueled by the vast data in Microsoft’s Intelligent Security Graph.
Today, several improvements to conditional access have been published through the new Azure Portal:
Risk-based access policies per application: Leverage machine learning on a massive scale to provide real-time detection and automated protection. Now you can use this data to build risk-based policies per application.
Greater flexibility to protect applications: Set multiple policies per application or set and easily roll out global rules to protect all your applications with a single policy.
All these capabilities are now available in a unified administrative experience on the Azure portal. This makes it even easier to create and manage holistic conditional access policies to all your applications.
https://blogs.technet.microsoft.com/enterprisem…
Now in public preview, Azure AD Pass-Through Authentication is a third option for “single sign-on” between Active Directory and Azure AD. Designed to remove the infrastructure requirements of AD Federation Services, it provides a more seamless SSO experience than Password Hash Sync through AAD Connect.
With the use of AAD Connect and a simple connector, AAD PTA relies on secure outbound communication to validate username and password credentials against your on-premises Active Directory. No need to sync AD passwords to AAD, nor deploy AD FS!