An executive master's programme thesis from Aalborg University


Semantic Policy Interaction Analysis for Microsoft Entra ID Conditional Access Baselines

Author

Term

4. semester

Publication year

2026

Submitted on

Abstract

Cloud identity platforms increasingly act as the security control plane. In Microsoft Entra ID, effective access enforcement depends not only on individual Conditional Access policies but also on how baseline policies, surrounding policies, and exclusions interact over time. This thesis addresses the risk that an unchanged baseline can lose its intended governance effect as the surrounding policy structure evolves. The central question is how, within a bounded scope, to evaluate whether baseline intent is preserved and to systematically surface interactions and coverage gaps that weaken control. The work proposes a bounded semantic evaluation approach that separates direct comparison of the baseline artifact from semantic assessment of surrounding policy composition, introduces a model to represent baseline intent, governed scope, and policy state, and implements the approach in an executable prototype. The prototype is evaluated using controlled scenario packages, and the results show that it preserves selected outcome distinctions and produces the expected records across the scenario set. The contribution is a structured and inspectable method for deriving candidates for semantic policy interactions and structural coverage observations within a clearly defined abstraction boundary.

Cloud identity platforms increasingly function as the security control plane. In Microsoft Entra ID, effective access enforcement depends not only on the individual Conditional Access policy but on how baseline policies, other policies, and exceptions interact over time. This thesis addresses the fact that an unchanged baseline can lose its intended governance effect when the surrounding policy structure changes. The central question is how, within a bounded frame, one can evaluate whether the baseline intent is still preserved and systematically uncover interactions and coverage gaps that weaken governance. The thesis proposes a bounded semantic evaluation method that separates direct comparison of the baseline artifact from semantic assessment of the surrounding policy composition, sets up a model to represent baseline intent, governed scope, and policy state, and realizes the method in a runnable prototype. The prototype is evaluated with controlled scenario packages, and the results show that it preserves the selected outcome distinctions and produces the expected records across the scenarios. The contribution is a structured and verifiable method for deriving candidates for semantic policy interactions as well as structural coverage observations within a clearly defined abstraction boundary.

[This abstract has been generated with the help of AI directly from the project full text]