Restricting Access to a Web Application Based on Device Compliance with Intune and Azure AD

Mohan s 20 Reputation points
2024-11-04T09:53:45.36+00:00

I am currently using Microsoft Intune to manage access to a third-party web application that has been registered as a web link app type. I have successfully added the application in Intune, and it appears in the Company Portal. However, users can share the link to the web application with others who do not have the Company Portal app installed, which allows access from non-compliant devices that I want to prevent.

Requirements:

  • Restrict access to the web application so that it can only be opened on devices compliant with our Intune policies.
  • Block users from opening the application on non-compliant devices, even if they have the link.

Steps Taken:

  1. Conditional Access Policies: Created a Conditional Access policy in Azure AD that requires devices to be compliant to access the application.
  2. Compliance Policies: Set up compliance policies in Intune to define the compliance criteria for devices.

Questions:

  1. What additional configurations or steps should be implemented to ensure that only compliant devices can access the web application and prevent link sharing?
  2. Are there specific Intune App Protection Policies that should be applied to further restrict access based on device compliance?

Any guidance or best practices on how to effectively enforce these restrictions would be greatly appreciated!


1 answer
  1. ZhoumingDuan-MSFT 17,350 Reputation points Microsoft External Staff
    2024-11-05T02:56:52.5566667+00:00

    @Mohan s, Thanks for posting in Q&A.

    From your description, I know you want to restrict access to a web application using Intune and have created Conditional Access Policies and Compliance Policies.

    As far as I know, a Conditional Access policy prevents access to a resource by blocking the target resource. From your description, devices that do not comply with the Conditional Access policy can still access the application; this may be because you configured the Target Resource incorrectly, so please check that your target resource is correct.

    Here is a link about all the resources we can configure.

    https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-cloud-apps

    Also, please look through the sign-in log to see if the Conditional Access policy is working properly.

    https://learn.microsoft.com/en-us/entra/identity/monitoring-health/how-to-view-applied-conditional-access-policies

    Please check above information, if there is any update, feel free to let me know.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
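The two checks the answer recommends, verifying that the Conditional Access policy really targets the web app with a compliant-device grant control and then reading the sign-in log for requests the policy never touched, can be scripted against exported Microsoft Graph data. The block below is an added example, not code from the thread or from Microsoft; the policy document and sign-in entries are constructed samples in the shape of the Graph `conditionalAccessPolicy` and `signIn` resources, and the app ID and policy name are placeholders. In practice the same functions would be fed the JSON returned by `GET /identity/conditionalAccess/policies` and `GET /auditLogs/signIns`.

```python
"""Validate a Conditional Access policy and sign-in log entries for one target app.

Added example (not part of the Q&A thread). All data below is constructed:
TARGET_APP_ID and the policy name are placeholders, and the sign-in entries
mimic the Microsoft Graph `signIn` resource shape.
"""
from __future__ import annotations

# Placeholder application (client) ID of the web app as registered in Entra ID.
TARGET_APP_ID = "00000000-0000-0000-0000-00000000beef"

# Constructed policy in the Graph `conditionalAccessPolicy` shape: scoped to
# the app and granting access only from a compliant device.
CA_POLICY = {
    "displayName": "Require compliant device for Web App (example)",
    "state": "enabled",
    "conditions": {
        "users": {"includeUsers": ["All"]},
        "applications": {
            "includeApplications": [TARGET_APP_ID],
            "excludeApplications": [],
        },
        "clientAppTypes": ["all"],
    },
    "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]},
}


def policy_covers_app(policy: dict, app_id: str) -> list[str]:
    """Return a list of problems; an empty list means the policy is enabled,
    includes app_id as a target resource, and requires a compliant device."""
    problems = []
    if policy.get("state") != "enabled":
        problems.append(f"policy state is {policy.get('state')!r}, not 'enabled'")
    apps = policy.get("conditions", {}).get("applications", {})
    included = apps.get("includeApplications", [])
    if app_id not in included and "All" not in included:
        problems.append("app is not in includeApplications (wrong target resource)")
    if app_id in apps.get("excludeApplications", []):
        problems.append("app is listed in excludeApplications")
    grant = policy.get("grantControls") or {}
    if "compliantDevice" not in grant.get("builtInControls", []):
        problems.append("grant controls do not require a compliant device")
    return problems


# Constructed sign-in log entries in the Graph `signIn` shape.
SIGN_INS = [
    {   # compliant device: policy applied and satisfied
        "id": "s1", "userPrincipalName": "alice@example.com",
        "appId": TARGET_APP_ID, "appDisplayName": "Web App",
        "conditionalAccessStatus": "success",
        "deviceDetail": {"isCompliant": True, "isManaged": True},
        "appliedConditionalAccessPolicies": [
            {"displayName": CA_POLICY["displayName"], "result": "success",
             "enforcedGrantControls": ["RequireCompliantDevice"]}],
        "status": {"errorCode": 0},
    },
    {   # non-compliant device: policy applied and access blocked (expected)
        "id": "s2", "userPrincipalName": "bob@example.com",
        "appId": TARGET_APP_ID, "appDisplayName": "Web App",
        "conditionalAccessStatus": "failure",
        "deviceDetail": {"isCompliant": False, "isManaged": False},
        "appliedConditionalAccessPolicies": [
            {"displayName": CA_POLICY["displayName"], "result": "failure",
             "enforcedGrantControls": ["RequireCompliantDevice"]}],
        "status": {"errorCode": 53000},  # constructed: device not compliant
    },
    {   # shared link opened from an unmanaged device and no policy applied:
        # this is the gap the question describes
        "id": "s3", "userPrincipalName": "carol@example.com",
        "appId": TARGET_APP_ID, "appDisplayName": "Web App",
        "conditionalAccessStatus": "notApplied",
        "deviceDetail": {"isCompliant": False, "isManaged": False},
        "appliedConditionalAccessPolicies": [],
        "status": {"errorCode": 0},
    },
    {   # a different application: out of scope for this check
        "id": "s4", "userPrincipalName": "dave@example.com",
        "appId": "11111111-1111-1111-1111-111111111111", "appDisplayName": "Other",
        "conditionalAccessStatus": "notApplied",
        "deviceDetail": {"isCompliant": False, "isManaged": False},
        "appliedConditionalAccessPolicies": [],
        "status": {"errorCode": 0},
    },
]


def find_gaps(sign_ins: list[dict], app_id: str) -> list[str]:
    """Return IDs of successful sign-ins to app_id where the device was not
    compliant or no Conditional Access policy was applied at all."""
    gaps = []
    for s in sign_ins:
        if s.get("appId") != app_id:
            continue
        succeeded = s.get("status", {}).get("errorCode") == 0
        compliant = bool(s.get("deviceDetail", {}).get("isCompliant"))
        if succeeded and (s.get("conditionalAccessStatus") == "notApplied" or not compliant):
            gaps.append(s["id"])
    return gaps


if __name__ == "__main__":
    print("policy problems:", policy_covers_app(CA_POLICY, TARGET_APP_ID) or "none")
    print("sign-ins that bypassed the compliance requirement:", find_gaps(SIGN_INS, TARGET_APP_ID))
```

A non-empty result from `find_gaps` with an otherwise clean `policy_covers_app` usually points at scoping rather than the grant control: the sign-in reached the app under an application ID other than the one in `includeApplications`, which is exactly the "check your Target Resource" step above.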

