Conditional Access Policy for Operating System Version

Glyn Roberts 0 Reputation points
2024-09-19T12:44:20.3733333+00:00

I am trying to create a conditional access policy to prevent users on insecure OS versions from accessing company data. I am using the Operating System Version filter and have tried various operators and values for IOS devices but nothing I do seems to have any effect and all devices just get blocked. Is there some limitation on the operatingSystemVersion filter?

As a side note, we do not currently have InTune so I cannot achieve the same goal with Compliance Policies.

Microsoft Entra
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 105.6K Reputation points MVP
    2024-09-19T15:55:19.5+00:00

    Using this filter is only possible against devices Entra "knows" about, it will not work for unregistered/unrecognized devices. See the note here and also the table at the end of the article: https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-condition-filters-for-devices#supported-operators-and-device-properties-for-filters

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.