conditional access-filter for device

Question

how to understand conditional access policy-filter for device?
we need to limit specific account with specific device (iOS and Android) that can be access the cloud app.
Therefore, the function of filter for device might be necessary for it.
how to meet the requirement, thanks a lot

Answer 1

@Go believe Based on my understanding, it is needed to create two conditional access policies to make it.

Please filter the target devices in "include filtered devices in policy" and select grant access in the first conditional access policy. It will make the target devices can access the cloud app.

Then filter the target devices in "Exclude filtered devices in policy" and select block access in the second conditional access policy. It will block other devices to access the cloud app.

Hope it will help

Answer 2

Hi Gobelieve,
I’m sure you’re looking for an easy button for this question, however I’m going to suggest you approach this solution slowly.
Conditional Access is very powerful and with great power can come great disasters.
I have 2 references for you below: the Microsoft Learn and a great write up on understanding filters better.
I would also encourage you to always always test your filters in a test tenant and even then take baby steps when adding them to production.
Good Luck!

using-filters-for-devices-as-condition-in-conditional-access-policies
concept-condition-filters-for-devices