Lock M365 and Azure access to Azure VDI

Srinivas Rautwar 1 Reputation point
2021-06-30T01:47:28.243+00:00

For security and compliance reasons, I would like to allow access to M365 and Azure services from Azure VDI only. Basically, block access if it is not Azure VDI.

Is this possible? Does conditional access help?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,451 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee
    2021-07-01T01:16:31.183+00:00

    @Srinivas Rautwar Thanks for reaching out. This is not possible currently. the conditional access cannot allow access to office 365 just from Azure VDI.
    You still have options to secure office 365 access by device state (Hybrid AAD joined and compliant devices), and approved apps from conditional access.

    But if you are looking for particularly Azure VDI, no option as such.

    -----------------------------------------------------------------------------------------------------------------

    If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.


  2. Srinivas Rautwar 1 Reputation point
    2021-07-10T22:01:00.993+00:00

    @JamesTran-MSFT This issue is not resolved.

    Let me rephrase my question:

    1. User should not be able to access any O365 Services from his personal or work PC except the Azure VD.
    2. Only services that are allowed from personal or work PC are the authentication services

    The instructions provided are generic conditional access policies and are not addressing my requirements. Please let me know if you need more details.


  3. Srinivas Rautwar 1 Reputation point
    2022-02-05T18:55:17.163+00:00

    @Anonymous I didn’t get any help, but I was able to write my own conditional access policies.

    It is working for all cases, but one. The user password change / MFA is also blocked when I applied the CA. I contacted MS for help, but no lock.

    Apply the CA to All users and all apps to block except the Azure Virtual Desktop and Azure VD Sign in apps. Let me know if you have any questions or need help.

    0 comments No comments

  4. Anonymous
    2022-02-07T16:09:21.4+00:00

    Great, thanks Srinivas. I will start with this approach, might take sometime as we have to start from scratch but now have some confidence that it can be done. Will let you know how I make out.

    0 comments No comments