Using this filter is only possible against devices Entra "knows" about, it will not work for unregistered/unrecognized devices. See the note here and also the table at the end of the article: https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-condition-filters-for-devices#supported-operators-and-device-properties-for-filters
Conditional Access Policy for Operating System Version
Glyn Roberts
0
Reputation points
I am trying to create a conditional access policy to prevent users on insecure OS versions from accessing company data. I am using the Operating System Version filter and have tried various operators and values for IOS devices but nothing I do seems to have any effect and all devices just get blocked. Is there some limitation on the operatingSystemVersion filter?
As a side note, we do not currently have InTune so I cannot achieve the same goal with Compliance Policies.