Does signing into Office 365 Web-Apps make the device AAD Registered

Anonymous
2021-12-08T17:41:07.957+00:00

I am trying to create a conditional access policy where users have to use either an AAD joined, Hybrid Joined, or Registered device to access their M365 account. All our office computers are AAD Hybrid, but if a user signs in from an outside device, shouldn't that device be AAD Registered into AAD? It seems only signing into Client applications actually registers the device. How can I make it so Cloud Apps force registration?

During testing my account is saying the following, but why don't I get the option to let my organization manage my device?
[Image: 155920-snapchat-2133786443.jpg]

Microsoft Entra ID

2 answers

  1. Manu Philip 17,031 Reputation points MVP
    2021-12-08T18:55:01.34+00:00

    You may exclude the app from the conditional access policy.
    Go to Azure Active Directory blade > Enterprise applications > Security > Conditional access > <Your Policy> > Grant > Assignments > Cloud apps > Exclude tab > Excluded cloud apps.
    Here, select the cloud app you are trying to access from outside the organization.


  2. Mr Sbaa 356 Reputation points
    2021-12-08T21:22:01.063+00:00

    This is normal behaviour.

    Signing in to the web portals will not trigger the Azure AD registration. This will only happen if a user signs in to M365 apps such as the Outlook client, or if users register their device in Windows with the Intune service.
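
The device requirement described in the question, written as a Conditional Access policy body for the Microsoft Graph `conditionalAccessPolicy` resource (an added example, not from any poster in this thread): it blocks Office 365 sign-ins unless the device's `trustType` is `AzureAD` (joined), `ServerAD` (hybrid joined) or `Workplace` (registered). The display name and the excluded account ID are placeholders, and the state is report-only so the effect on browser sign-ins can be checked in the sign-in logs before enforcement.

```json
{
  "displayName": "EXAMPLE (placeholder name): block Office 365 from devices unknown to the directory",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "users": {
      "includeUsers": ["All"],
      "excludeUsers": ["<PLACEHOLDER-emergency-access-account-object-id>"]
    },
    "applications": {
      "includeApplications": ["Office365"]
    },
    "clientAppTypes": ["all"],
    "devices": {
      "deviceFilter": {
        "mode": "exclude",
        "rule": "device.trustType -eq \"AzureAD\" -or device.trustType -eq \"ServerAD\" -or device.trustType -eq \"Workplace\""
      }
    }
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": ["block"]
  }
}
```

A sign-in that presents no device identity does not match the exclude filter, so the block applies to it; this policy restricts access and does not cause a device to become registered.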