![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 87%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBH%3C/text%3E%3C/svg%3E)
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
974 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 82%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAZ%3C/text%3E%3C/svg%3E)
Hi Basem,
To restrict Azure Portal access to only domain-joined PCs, you can set up device-based Conditional Access policies using Microsoft Intune and Microsoft Entra Conditional Access. These policies evaluate the compliance status of managed devices and enforce security and compliance standards by allowing access only to compliant devices.
- Set Up Intune Device Compliance Policies: Before setting up Conditional Access, you need to configure Intune device compliance policies to ensure devices meet specific requirements.
- Create a Conditional Access Policy in Intune:
- Sign in to the Microsoft Intune admin center.
- Navigate to Endpoint security > Conditional access > Create new policy.
- Sign in to the Microsoft Intune admin center.
- Configure Conditions and Access Controls:
- Set conditions for the policy, including device platforms and client apps.
- Under Access controls, configure the policy to 'Require device to be marked as compliant'. This is important to ensure that the policy uses device compliance status. You can also configure other requirements such as multi-factor authentication or requiring a Microsoft Entra hybrid joined device.
- Set conditions for the policy, including device platforms and client apps.
Please check the following MS. Documentation : https://learn.microsoft.com/en-us/mem/intune/protect/create-conditional-access-intune
Hope that helps!