Device Registration from untrusted networks

Cristobal Fallas 30 Reputation points
2023-11-15T14:59:52.6233333+00:00

I have created a conditional access block policy for unknown locations in which I'm only allowing access to the Office 365 applications, so this was added as an exclusion.

In a separate policy, I'm requiring that those Office applications can only be accessed from external locations when the device is marked as compliant, so I want to allow the users to be able to register BYOD devices and bring them to compliance so that resources can be accessed, but the block policy does not allow users to register the devices from unknown locations. I'm unable to exclude the Microsoft Auth broker or the Intune Enrollment application from conditional access applications, it just doesn't appear, but it does get matched as "all apps are included."


Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.