Exclude Android device in Intune from Conditional access policy

walid issa 45 Reputation points
2024-07-17T13:13:33.21+00:00

Is it possible to exclude a non-registered (not enrolled) Android device from a Conditional Access policy, to allow login from this device, for example using the Request ID?

I don't want to exclude per user because the user will be able to access from all devices.

Thanks

Microsoft Security | Intune | Other

2 answers

  1. glebgreenspan 2,245 Reputation points
    2024-07-17T13:25:34.2+00:00

    Hello Walid

    1. Create a new Conditional Access policy.
    2. Add a "Client App" condition and select "Android" as the platform.
    3. Set the "Application" field to "Request ID". This will allow you to specify a specific Request ID (e.g., a custom app or a publicly available app).
    4. In the "Include" section, select "Except for users who are not enrolled in any device-based conditional access policies". This will ensure that only non-enrolled Android devices will be excluded from the policy.
    5. Set the remaining settings according to your requirements (e.g., grant access, block access, etc.).

  2. Rahul Jindal [MVP] 10,911 Reputation points MVP
    2024-07-18T06:13:22.61+00:00

    You can use a device filter in CA to exclude non-enrolled\compliant devices.

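The device filter mentioned in the second answer, sketched with Microsoft Graph PowerShell as an added example (not code from this thread): a report-only policy that requires a compliant device on Android and exempts one device through an exclude-mode filter. Assumptions: the Microsoft.Graph module is installed, the exempt device is registered in Microsoft Entra ID but not enrolled in Intune, and the device ID and display name are placeholders. A device that is not registered at all has no attributes for a filter rule to match.

```powershell
# Added example: Conditional Access policy with a device filter in exclude mode.
# Requires the Microsoft.Graph PowerShell module and an admin account allowed
# to manage Conditional Access policies.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

# Placeholder: Entra ID device ID of the single device to exempt.
# The device must exist as a device object in the directory (registered),
# otherwise the filter has nothing to compare against.
$exemptDeviceId = '00000000-0000-0000-0000-000000000000'

$policy = @{
    displayName = 'Android - require compliant device (one device exempt)'
    # Report-only: sign-ins are evaluated and logged, nothing is enforced yet.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{ includeUsers = @('All') }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
        platforms      = @{ includePlatforms = @('android') }
        devices        = @{
            deviceFilter = @{
                # exclude = devices matching the rule are out of scope
                mode = 'exclude'
                rule = "device.deviceId -eq `"$exemptDeviceId`""
            }
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('compliantDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Review the report-only results in the sign-in logs before switching `state` to `enabled`, and keep an emergency-access account out of scope of any enforced policy.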
