088: Conditional access policy

Overview

1. What is Device-Based Conditional Access?

   • Device-based Conditional Access combines Intune device compliance policies with Conditional Access policies to enforce security and compliance standards.
   • It ensures that only compliant devices can access your organization's apps and services.

2. Benefits:

   • Granular Control: You can specify which apps or services to protect, conditions for access, and the targeted users.
   • Enhanced Security: By requiring devices to be marked as compliant, you strengthen security posture.
   • Integration: Works seamlessly with Azure AD Conditional Access.
   • App-Based Conditional Access: You can also use app-based policies alongside device-based ones.

3. Drawbacks:

   • Complexity: Setting up and managing policies can be intricate.
   • User Experience: Non-compliant devices may face restrictions, impacting user access.
   • Configuration Challenges: Proper setup requires configuring both Intune compliance policies and Conditional Access policies.

4. Impact on End Users:

   • Positive: Improved security, seamless access for compliant devices.
   • Negative: Non-compliant devices may experience restricted access or additional authentication steps.

Remember to configure Intune device compliance policies before setting up Conditional Access.

Reference

• Set up device-based Conditional Access policies with Intune: https://learn.microsoft.com/en-us/mem/intune/protect/create-conditional-access-intune
• How to configure Android enterprise devices in Microsoft Intune: https://learn.microsoft.com/en-us/troubleshoot/mem/intune/device-enrollment/configure-android-enterprise-devices-intune
• https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-android-for-work