Rollout Conditional Access with device state and application compliance controls
Implementation Effort: High – Requires policy setup and integration with Intune. User Impact: High – Users may need to enroll devices or use compliant apps.
Overview
Rolling out Conditional Access with device state and application compliance controls ensures that only managed and compliant devices or protected apps can access corporate resources. This aligns with the Zero Trust principles of Verify Explicitly—access decisions are based on real-time signals from device compliance and app protection policies—and Use Least Privilege Access by limiting access to trusted endpoints. Device compliance is evaluated using Microsoft Intune, while app compliance can be enforced through app protection policies or management requirements. Without this enforcement, threat actors can use unmanaged, jailbroken or compromised devices and unsanctioned apps to exfiltrate sensitive data or persist in the environment without detection.