Conditional Access Rights

Nidhi Priya 451 Reputation points
2023-04-27T11:55:49.6866667+00:00

Hello experts!

Can you please tell me which rights or role is required for a user to read the Conditional access policy and they should not be able to modify anything? I have assigned a security reader, Intune administrator and Read-only operator to a user but is not able to read CA Policy.

Thanks!

Nidhi

Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,899 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,088 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Crystal-MSFT 48,766 Reputation points Microsoft Vendor
    2023-04-28T01:31:01.3133333+00:00

    @Nidhi Priya, Thanks for posting in Q&A. In fact, Conditional Access is the feature in Azure AD. And based on my research, the role "Security Reader" has the permission to read conditional access for policies.

    https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#security-reader

    I notice the role is already assigned. Please go to Azure AD portal to double confirm the role is under "Assigned roles" of this user. Meanwhile, I notice using this feature requires Azure AD Premium license. Please ensure this license is also assigned to this user as well.

    https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview#license-requirements

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.