Migrate a classic policy in the Azure portal

This article shows how to migrate a classic policy that requires multi-factor authentication for a cloud app. Although it is not a prerequisite, we recommend that you read Migrate classic policies in the Azure portal before you start migrating your classic policies.

[Image: Classic policy details requiring MFA for the Salesforce app]

The migration process consists of the following steps:

  1. Open the classic policy to get the configuration settings.
  2. Create a new Azure AD Conditional Access policy to replace your classic policy.
  3. Disable the classic policy.

Open a classic policy

  1. In the Azure portal, navigate to Azure Active Directory > Security > Conditional Access.

  2. Select Classic policies.

    [Image: Classic policies view]

  3. In the list of classic policies, select the policy you wish to migrate. Document the configuration settings so that you can re-create them in a new Conditional Access policy.

Create a new Conditional Access policy

  1. In the Azure portal, navigate to Azure Active Directory > Security > Conditional Access.

  2. To create a new Conditional Access policy, select New policy.

  3. On the New page, in the Name textbox, type a name for your policy.

  4. In the Assignments section, click Users and groups.

    1. If you have all users selected in your classic policy, click All users.
    2. If you have groups selected in your classic policy, click Select users and groups, and then select the required users and groups.
    3. If you have excluded groups, click the Exclude tab, and then select the required users and groups.
    4. Select Done.
  5. In the Assignments section, click Cloud apps or actions.

  6. On the Cloud apps or actions page, perform the following steps:

    1. Click Select apps.
    2. Click Select.
    3. On the Select page, select your cloud app, and then click Select.
    4. On the Cloud apps page, click Done.
  7. If you have Require multi-factor authentication selected:

    1. In the Access controls section, click Grant.
    2. On the Grant page, click Grant access, and then click Require multi-factor authentication.
    3. Click Select.
  8. Click On to enable your policy, and then select Save.

    [Image: Create a Conditional Access policy]

Disable the classic policy

To disable your classic policy, click Disable in the Details view.

[Image: Disable the classic policy]
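
The settings documented in the first step can also be written down as data and compared against the replacement policy before the classic policy is disabled, so that MFA enforcement is not lost in the handover. The following is an added example, not part of the original article: it uses the field names of the Microsoft Graph `conditionalAccessPolicy` resource, while the `CLASSIC` dictionary keys, the function names, the policy name and all IDs are constructed for illustration.

```python
# Constructed sample: settings documented from a classic policy (IDs are placeholders).
CLASSIC = {
    "name": "Require MFA for Salesforce",
    "all_users": False,
    "include_groups": ["11111111-1111-1111-1111-111111111111"],
    "exclude_groups": ["22222222-2222-2222-2222-222222222222"],
    "app_id": "33333333-3333-3333-3333-333333333333",
}

def build_policy(classic):
    """Build a Microsoft Graph conditionalAccessPolicy body that requires MFA."""
    users = {"excludeGroups": list(classic.get("exclude_groups", []))}
    if classic["all_users"]:
        users["includeUsers"] = ["All"]
    elif classic.get("include_groups"):
        users["includeGroups"] = list(classic["include_groups"])
    else:
        raise ValueError("classic policy must target all users or at least one group")
    return {
        "displayName": classic["name"],
        "state": "enabled",  # corresponds to the "On" toggle in the portal
        "conditions": {
            "clientAppTypes": ["all"],
            "users": users,
            "applications": {"includeApplications": [classic["app_id"]]},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    }

def parity_gaps(classic, policy):
    """List ways a saved policy falls short of the classic one; empty means safe to disable."""
    gaps = []
    cond = policy.get("conditions", {})
    users = cond.get("users", {})
    if classic["all_users"] and "All" not in users.get("includeUsers", []):
        gaps.append("all users not included")
    if not classic["all_users"] and set(classic["include_groups"]) - set(users.get("includeGroups", [])):
        gaps.append("included group missing")
    if set(users.get("excludeGroups", [])) - set(classic.get("exclude_groups", [])):
        gaps.append("extra group excluded")
    if classic["app_id"] not in cond.get("applications", {}).get("includeApplications", []):
        gaps.append("cloud app not targeted")
    if "mfa" not in (policy.get("grantControls") or {}).get("builtInControls", []):
        gaps.append("MFA not required")
    if policy.get("state") != "enabled":
        gaps.append("policy not enabled")
    return gaps
```

Run `parity_gaps` against the policy as it was actually saved (for example, the JSON read back from the tenant) and disable the classic policy only when the list is empty.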

Next steps