How to integrate Microsoft RADIUS server with conditional access policy

Belinda 0 Reputation points
2024-04-16T03:39:49.7066667+00:00

Can someone assist me with this, please?
Our company has an existing Microsoft RADIUS Server that identifies whether a device is a corporate device before it can access the corporate network.
Now, we would like to integrate the Microsoft RADIUS Server with a Conditional Access policy such that when the device is not compliant with the Intune compliance policy and configuration policy, even if it is a corporate device, it will not be able to access any resources (on-premises and cloud applications). Is this possible?


1 answer

  1. Navya 4,005 Reputation points Microsoft Vendor
    2024-04-22T06:06:05.3966667+00:00

    Hi @Belinda Thank you for posting this in Microsoft Q&A.

    I understand you want to integrate Microsoft RADIUS server with a Conditional Access policy.

    Yes, it is possible to integrate Microsoft RADIUS Server with Conditional Access policy to restrict access to corporate resources for non-compliant devices. You can use the "Require device to be marked as compliant" control in the Conditional Access policy to ensure that only compliant devices can access resources.

    To configure this, you need to create a new Network Policy in the Network Policy Server management console and select "Remote Access Server (VPN-Dial up)" as the network access server type.
    For your reference: https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-np-configure

    Once the Network Policy is created, you can create a new Conditional Access policy in Microsoft Entra ID and select the "Require device to be marked as compliant" control. This will ensure that only compliant devices can access corporate resources, even if they are corporate devices.

    https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-policy-compliant-device#create-a-conditional-access-policy

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Navya.

    If the answer is helpful, please click "Accept Answer" and kindly "upvote" it.