Only domain computers can access company Office365 mailboxes

Federico Coppola 1,181 Reputation points
2021-12-13T21:53:11.32+00:00

Hi all,
In our company there is a Windows AD domain (Windows Server 2016 domain controllers) and Office365.
At the moment there is no sync between the local Windows AD domain and Azure AD.

All employees use Office365 mailboxes and the Office365 suite on their laptops.

I know that we can use Azure AD Connect to sync local Active Directory users. Can we use it to sync domain computers?
We need only company computers to be able to connect to company email accounts.
Our goal is that employees do not use personal laptops to read e-mail.
Can we do it?
Do we need an Intune license to limit email access to company laptops only?

Thanks in advance!
Best regards
Federico

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Intune | Other

3 answers

  1. Rahul Jindal [MVP] 10,911 Reputation points MVP
    2021-12-13T22:03:21.18+00:00

    For this scenario, the best approach is to implement a CA policy and allow access against compliant devices. You will need to enroll your company devices in Intune and push a compliance policy for this to work correctly.

    1 person found this answer helpful.

  2. Simon Ren-MSFT 40,346 Reputation points Microsoft External Staff
    2021-12-14T02:34:32.467+00:00

    Hi,

    Thanks for posting in Microsoft Q&A forum.

    ==>We need that only company computer can connect company email account.
    Agree with @Rahul Jindal [MVP]. In my experience, we could use device-based Conditional Access to achieve this goal.

    Intune and Azure Active Directory work together to make sure only managed and compliant devices can access email, Microsoft 365 services, Software as a service (SaaS) apps, and on-premises apps. Additionally, we can set a policy in Azure Active Directory to only enable domain-joined computers or mobile devices that are enrolled in Intune to access Microsoft 365 services.

    For more detailed information, please refer to:
    Device-based Conditional Access
    Guide: Limit Microsoft 365 Access to Corporate Devices with Conditional Access
    Note: The non-Microsoft link is just for your reference.

    Thanks for your time.

    Best regards,
    Simon


  3. Federico Coppola 1,181 Reputation points
    2021-12-15T16:25:24.383+00:00

    Thanks a lot for your suggestions!

    Federico
