microsoft

Adding complex filters for Conditional Access policies

Team

1 x Product Manager
2 x UX Designers
1 x Engineer

Role

UX Designer

Year

2023

Overview

Conditional Access policies improve security by managing access to an organization's essential data. Administrators of Conditional Access create policies that allow or restrict access based on specific conditions. Their objective while creating policies is to ensure the right people have access to the right resources under the right conditions.

Customers have consistently asked for a feature that identifies policies with specific conditions or controls. I was tasked with adding new policy filters for Conditional Access while working with the engineering team on a tight deadline.

metric

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

metric

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

metric

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

Problem

Customers who manage Conditional Access lack the ability to identity policies with specific conditions or controls. The lack of this ability forces customers to go through policies one by one to understand their configuration. This process is not only time consuming for the customer but also prone to errors.

Previous design

When adding a role assignment, every role is listed in the same section regardless of privilege. Since users have a difficult time knowing which Azure roles they should assign, they often default to the ones located at the top of the list.

Customers are only able to filter policies by 'state', 'creation date', or 'modified date'

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

The challenge

The project spec included a list of 22+ filtering categories to be designed and shipped within a 2-week deadline. While this was a good starting point, the list did not reflect how categories are applied in Conditional Access. The filters needed to support various levels of granularity and allow users to filter policies based on specific conditions.

We were handed a large list of filtering categories to be added to the policies page

Solution

A new 'add filter' menu was designed to quickly navigate filter categories. Items were organized to follow the same structure and hierarchy found in Conditional Access. Using a split button menu component gives users the ability to quickly browse and select from various categories and subcategories.

[data-wf-bgvideo-fallback-img] { display: none; } @media (prefers-reduced-motion: reduce) { [data-wf-bgvideo-fallback-img] { position: absolute; z-index: -100; display: inline-block; height: 100%; width: 100%; object-fit: cover; } }

I worked closely with engineering to customize the query editor for each filter. This makes it possible to filter policies based on complex conditions or controls and saves customers tremendous amounts of time by not going through policies one by one.

Understanding policy creation

One of the early steps was understanding the how policies are created in Conditional Access. I collaborated with another designer to visually map out the various categories and subcategories that exist when creating a policy. This helped me organize filter categories so that they align with the user's mental model of policy creation.

Once a primary category is selected, users must choose from various options and sub-options.

We visually mapped out the filter categories from the original project spec.

Working with a tight deadline

With only a 2-week timeline, my goal was to find existing patterns that engineering could reuse. The query editor component worked well for the Conditional Access filters. I mocked up each scenario and collaborated with the engineer to modify the component with the correct controls for each filter category.