Conditional Access Policy

LabDays 21 Reputation points
2020-08-19T12:31:06.177+00:00

Hi

Regarding Mobile phone enrolment in Intune.

We can set a conditional access policy in Azure for mobile that 'requires device to be compliant'.

There are also compliance policies in Intune we can set.

My question is do we need both?

So if we don't have a conditional access policy that 'requires device to be compliant' but we do have Intune compliance policies, then does this suffice to ensure a device still needs to be compliant to enrol in Intune?

Do the two coexist or is it one or the other?


Accepted answer
  1. CiciWu-MSFT 1,166 Reputation points
    2020-08-20T03:05:54.28+00:00

    Basically, compliance policies are enough to ensure a device is compliant when enrolling in Intune. To go deeper: if you set a Conditional Access policy, the compliance policy and the Conditional Access policy are bound to each other. For example, when you use Conditional Access, you can configure your Conditional Access policies to use the results of your device compliance policies to determine which devices can access your organizational resources. This access control is in addition to and separate from the actions for noncompliance that you include in your device compliance policies.
    When a device enrolls in Intune, it registers in Azure AD. The compliance status for devices is reported to Azure AD. If your Conditional Access policies have Access controls set to 'Require device to be marked as compliant', Conditional Access uses that compliance status to determine whether to grant or block access to email and other organization resources.
    If you’ll use device compliance status with Conditional Access policies, review how your tenant has configured 'Mark devices with no compliance policy assigned as', which you manage under Compliance policy settings.

    Reference: https://learn.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started

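The interaction described in the accepted answer, as an added example that is not part of the original thread or Microsoft's own code: a simplified Python model of how the tenant setting for devices with no compliance policy and a Conditional Access grant control combine into an access decision. The sample policies are constructed; field names follow Microsoft Graph's `conditionalAccessPolicy` and `deviceManagementSettings` (`secureByDefault`) resources, and user, app and platform conditions and grace periods are ignored as a simplifying assumption.

```python
import json

# Constructed sample export, not from a real tenant. Field names follow the
# Microsoft Graph conditionalAccessPolicy resource.
CA_POLICIES = json.loads("""[
 {"displayName": "Mobile - require compliant", "state": "enabled",
  "grantControls": {"operator": "AND", "builtInControls": ["compliantDevice"]}},
 {"displayName": "Pilot - report only", "state": "enabledForReportingOnly",
  "grantControls": {"operator": "AND", "builtInControls": ["compliantDevice"]}},
 {"displayName": "MFA or compliant", "state": "enabled",
  "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}}
]""")


def enforcing_policies(policies):
    """Names of enabled policies where device compliance is mandatory,
    not merely one of several acceptable controls (operator OR)."""
    names = []
    for p in policies:
        grant = p.get("grantControls") or {}
        controls = grant.get("builtInControls", [])
        mandatory = grant.get("operator") == "AND" or controls == ["compliantDevice"]
        if p.get("state") == "enabled" and "compliantDevice" in controls and mandatory:
            names.append(p["displayName"])
    return names


def effective_state(assigned_results, secure_by_default):
    """Compliance state reported for a device. An empty result list means no
    compliance policy is assigned, so the tenant setting 'Mark devices with no
    compliance policy assigned as' (secureByDefault in Graph) decides."""
    if not assigned_results:
        return "noncompliant" if secure_by_default else "compliant"
    ok = all(r == "compliant" for r in assigned_results)
    return "compliant" if ok else "noncompliant"


def access_decision(assigned_results, secure_by_default, policies):
    """Return (decision, reason) for access to resources covered by the policies."""
    state = effective_state(assigned_results, secure_by_default)
    if state == "compliant":
        return ("grant", "device is marked compliant")
    blockers = enforcing_policies(policies)
    if blockers:
        return ("block", "noncompliant; required by: " + ", ".join(blockers))
    # No enforcing Conditional Access policy: only the compliance policy's
    # own actions for noncompliance apply; resource access is not gated.
    return ("grant", "noncompliant, but no CA policy requires compliance")
```

In this model the report-only policy and the OR policy do not make compliance mandatory, so only the first sample policy blocks a noncompliant device.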

1 additional answer

  1. LabDays 21 Reputation points
    2020-08-20T10:08:11.513+00:00

    Thank you, I understand :)

    I appreciate you taking the time to respond.
