aad condition access scenario

Yash 1 Reputation point
2022-10-25T07:33:00.183+00:00

Hello,

My target is to create a group-based scenario, to Block access to cloud applications from mobile and \ or from desktop

1 group will allow users access to cloud app from desktop only, while mobile blocked 2nd group vice versa.
In case of assigning both groups, the access will be allowed from both environments. by default, the access is blocked.

Would be glad if anyone can help with.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,631 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Simon Skotheimsvik 171 Reputation points MVP
    2022-11-22T09:45:52.667+00:00

    Hi,

    You should test something like this in conditional access:

    Create one rule to block access to all cloud applications:

    • All users except break glass accounts, except AAD group for desktop access, except AAD group for mobile access
    • All Cloud Apps
    • Any Device
    • Block Access

    Desktop access

    • Selected AAD group with users, except break glass accounts
    • All Cloud Apps
    • Device platform: Windows
    • Grant access, Require MFA or Require device to be marked as compliant

    Mobile access

    • Selected AAD group with users, except break glass accounts
    • All Cloud Apps
    • Device platform: Android, iOS
    • Grant access, Require MFA or Require device to be marked as compliant

    Please test this on a limited subset of users.

    Best of luck,
    Simon

    0 comments No comments