Share via

How to block access to Azure Portal from personal devices (Conditional Access)?

Suppachai Chommaporn 0 Reputation points
2025-12-09T10:40:57.5866667+00:00

How to block access to Azure Portal from personal devices (Conditional Access)?

I can't select the Azure Portal on Conditional Access as the attached picture.

Please advise.

Thank you,

Suppachaic

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2025-12-09T10:41:08.94+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    To block access to the Azure Portal from personal devices using Conditional Access, you can create a Conditional Access policy that targets all users and excludes personal devices. Here are the steps you can follow:

    1. Sign in to the Microsoft Entra admin center as a Conditional Access Administrator.
    2. Navigate to Entra ID > Conditional Access > Policies.
    3. Select New policy.
    4. Give your policy a meaningful name.
    5. Under Assignments, select Users or workload identities:
      • Include: Select All users.
      • Exclude: Choose your organization's emergency access or break-glass accounts.
    6. Under Target resources > Resources (formerly cloud apps):
      • Include: Select All resources (formerly 'All cloud apps').
    7. Under Conditions, select Device platforms:
      • Set Configure to Yes.
      • Under Include, select Any device.
      • Under Exclude, select the platforms that correspond to personal devices (e.g., Android, iOS).
    8. Under Access controls > Grant, select Block access.
    9. Confirm your settings and set Enable policy to On.
    10. Select Create to enable your policy.

    If you cannot select the Azure Portal specifically, ensure that you have the correct permissions and that the Azure Portal is included in the resources you are targeting.

    References:

    0 comments
  2. Monalisha Jena 4,070 Reputation points Microsoft External Staff Moderator
    2025-12-10T08:06:17.48+00:00

    Hello Suppachai Chommaporn,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I will try to clarify your doubts and propose you some solutions.

    So, when you're trying to block access to the Azure Portal from personal devices using Conditional Access but are facing issues selecting the Azure Portal in your configurations.

    Before we proceed further would like to know below points as:

    What specific OS platforms do the personal devices use? Are you using Microsoft Intune for device management? Can you confirm if you have the correct permissions and licenses in place? Are there any error messages displayed when you attempt to select the Azure Portal?

    Till then will suggest you below solution steps like:

    1. Conditional Access Policies Basics: To start with, Conditional Access policies are essentially "if-then" statements that enforce access requirements based on certain conditions. In your case, you want to ensure that only managed devices can access the Azure Portal.
    2. Configure Access Controls:
      • You can achieve this by requiring devices to be either compliant with Mobile Device Management (MDM) policies (like Intune) or hybrid joined devices. This means only registered and managed devices would be allowed access.
    3. Creating a New Policy:
      • Sign in to the Microsoft Entra admin center as a Conditional Access Administrator.
      • Navigate to Entra ID > Conditional Access > Policies.
      • Click on New policy and give your policy a name.
      • In Assignments, specify the users or groups this policy will apply to.
      • For Cloud apps, select resources to apply your policy to (note: ensure you include the Azure Portal).
      • Under Conditions, specifically check device platforms to make sure you specify excluded platforms (like iOS, Android, etc.).
      • Under Access Controls, select Grant and choose the option to Require device to be marked as compliant.
    4. Testing the Policy:
      • Before enabling the policy, set it to Report-only mode to test its impacts. Use tools like the what-if tool to simulate sign-ins and see potential outcomes.
    5. Monitoring and Adjusting: After implementation, monitor the policy to ensure that it’s functioning as intended without locking out users accidentally.

    NOTE:

    • If you're unable to select the Azure Portal specifically, make sure you have the required permissions and license (Microsoft Entra ID P1 or P2).
    • Review any user or endpoint that might need adjusting to suit the Conditional Access criteria set in your policy.

    Please do refer below docs for better understanding:

    Hope this helps! If it answered your question, please consider clicking Accept Answer and Upvote. This will help us and others in the community as well.

    If you need more info, feel free to ask in the comments. Happy to help!

    Regards,

    Monalisha

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.