060: Conditional access policy
Overview
Microsoft Intune device compliance policies can evaluate the status of managed devices to ensure they meet your requirements before you grant them access to your organization's apps and services. The status results from your device compliance policies can be used by Microsoft Entra Conditional Access policies to enforce security and compliance standards. This combination is referred to as device-based Conditional Access.
From within the Intune admin center, you can access the Conditional Access policy UI as found in Microsoft Entra ID. This access includes all of the Conditional Access options you would have if you were to configure the policy from within the Azure portal. The policies you create can specify the apps or services you want to protect, the conditions under which the apps or services can be accessed, and the users that the policy applies to.
To Create a device-based Conditional Access policy your account must have one of the following permissions in Microsoft Entra:
*Global administrator
*Security administrator
*Conditional Access administrator
To take advantage of device compliance status, configure Conditional Access policies to Require device to be marked as compliant. This option is set while configuring Grant access during step 6 of the following procedure.