![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 70%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBL%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
24,291 questions
To achieve your objective of denying Salesforce login access when users are on a personal computer or device, follow these general steps:
Log in to the Azure portal & navigate to Azure Active Directory > Enterprise applications.
Select the Salesforce app (you should have set up the Salesforce integration with Azure AD beforehand).
In the left-hand pane of the Azure AD section, select Security.Under Security, click on Conditional Access. Click on + New policy.
Provide a name for your policy, something descriptive like "Block Salesforce on Personal Devices".
Under Assignments, select **Users and groups.**Choose the users/groups for which this policy will apply.
Under Assignments, select **Cloud apps.**Choose "Select apps" and then pick "Salesforce".
Select Conditions and then Device platforms.Choose the desired platforms to target. For instance, if you want to block mobile devices, choose iOS and Android.Under Conditions, select Client apps if you want to target specific types of access, like browser or mobile apps.There are also other conditions like Locations if you wish to enforce policies based on user locations.
Finally, Under Access controls, select Grant.Choose Block access.Enable Policy and Save:Set the policy to On and click on Create.